Analysis Overview
Threat Level: Known bad
The file https://dropmeafile.com/#4da74a3119 was found to be: Known bad.
Malicious Activity Summary
Wannacry
Suspicious use of NtCreateProcessExOtherParentProcess
Deletes shadow copies
Drops startup file
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
Sets desktop wallpaper using registry
Enumerates physical storage devices
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Modifies registry class
Kills process with taskkill
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 07:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 07:25
Reported
2024-05-18 07:55
Platform
win7-20240221-en
Max time kernel
554s
Max time network
1719s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dropmeafile.com/#4da74a3119
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefba49758,0x7fefba49768,0x7fefba49778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=148 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1080 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1364,i,9700890312373781325,210683123211863258,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dropmeafile.com | udp |
| GB | 18.245.218.89:443 | dropmeafile.com | tcp |
| GB | 18.245.218.89:443 | dropmeafile.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | assets.lsdsoftware.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| GB | 99.84.9.77:443 | assets.lsdsoftware.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 18.245.218.89:443 | dropmeafile.com | tcp |
| US | 8.8.8.8:53 | support2.lsdsoftware.com | udp |
| US | 23.19.69.193:443 | support2.lsdsoftware.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 23.19.69.193:443 | support2.lsdsoftware.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 142.250.71.163:443 | beacons2.gvt2.com | tcp |
| US | 142.250.71.163:443 | beacons2.gvt2.com | tcp |
| US | 142.250.71.163:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_2236_LFVYNFAKWKWEIYSV
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar6984.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 07:25
Reported
2024-05-18 07:33
Platform
win10v2004-20240226-en
Max time kernel
443s
Max time network
432s
Command Line
Signatures
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4556 created 4424 | N/A | C:\Windows\system32\taskmgr.exe | C:\Users\Admin\Desktop\!WannaDecryptor!.exe |
| PID 4556 created 4424 | N/A | C:\Windows\system32\taskmgr.exe | C:\Users\Admin\Desktop\!WannaDecryptor!.exe |
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDC65C.tmp | C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDC672.tmp | C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe | N/A |
Executes dropped EXE
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Desktop\\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe\" /r" | C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Desktop\!WannaDecryptor!.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604907536259354" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dropmeafile.com/#4da74a3119
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee7ce9758,0x7ffee7ce9768,0x7ffee7ce9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2620 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5536 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4728 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3176 --field-trial-handle=1876,i,14122952394060607244,16219684635470627815,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe
"C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 277271716017239.bat
C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!Please Read Me!.txt
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\00ba1acc5588432eb5f91255f3d5d8f3 /t 3892 /p 4424
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Windows\system32\taskkill.exe
taskkill /f be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Desktop\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Windows\system32\taskkill.exe
taskkill /IM be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe /F
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
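The process list above is the part of this report that translates most directly into detection content: one `cmd.exe` invocation deletes shadow copies, disables boot recovery and wipes the backup catalog, and four `taskkill` calls go after Exchange and SQL Server so their files can be encrypted. The following is an added example (not code from the report or from the sandbox vendor) that runs rule matching over command lines of this shape; the sample lines are copied from the list above plus one benign Chrome line as a control, and the rule labels are my own.

```python
"""Flag recovery tampering and service killing in process-creation command lines.
Added example, not part of the sandbox report; sample lines copied from its
process list, rule names are my own labels."""
from __future__ import annotations
import re

# Constructed sample: command lines from this report, plus one benign control line.
SAMPLE_COMMAND_LINES = [
    r'"C:\Users\Admin\Desktop\be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844.exe"',
    r"C:\Windows\system32\cmd.exe /c 277271716017239.bat",
    r"cscript //nologo c.vbs",
    r"!WannaDecryptor!.exe f",
    r"taskkill /f /im MSExchange*",
    r"taskkill /f /im sqlserver.exe",
    (r"cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & "
     r"bcdedit /set {default} bootstatuspolicy ignoreallfailures & "
     r"bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet"),
    r"wmic shadowcopy delete",
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --lang=en-US',
]

# (label, pattern). Case-insensitive and whitespace-tolerant, because the same
# intent is spelled several ways ("/all /quiet" vs "/quiet /all", "/im" vs "/IM").
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b"
                r"|\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("boot_recovery_disabled",
     re.compile(r"\bbcdedit(?:\.exe)?\s+/set\b.*"
                r"\b(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("backup_catalog_deleted",
     re.compile(r"\bwbadmin(?:\.exe)?\s+delete\s+catalog\b", re.I)),
    ("database_or_mail_service_killed",
     re.compile(r"\btaskkill(?:\.exe)?\b.*\s/im\s+"
                r"(?:MSExchange|Microsoft\.Exchange|sqlserver|sqlwriter)", re.I)),
]


def classify(cmdline: str) -> list[str]:
    """Labels of every rule the command line triggers, in RULES order."""
    return [label for label, pattern in RULES if pattern.search(cmdline)]


def scan(lines) -> list[tuple[str, list[str]]]:
    """(command line, labels) for every line that hits at least one rule."""
    hits = []
    for line in lines:
        labels = classify(line)
        if labels:
            hits.append((line, labels))
    return hits


def is_inhibit_recovery_chain(lines) -> bool:
    """True when a single command both deletes shadow copies and disables boot
    recovery. A lone 'vssadmin delete shadows' can appear in backup maintenance;
    the combination in one command line is the high-confidence signal."""
    wanted = {"shadow_copy_deletion", "boot_recovery_disabled"}
    return any(wanted <= set(labels) for _, labels in scan(lines))


if __name__ == "__main__":
    for line, labels in scan(SAMPLE_COMMAND_LINES):
        print(", ".join(labels), "<-", line[:80])
    print("inhibit-recovery chain:", is_inhibit_recovery_chain(SAMPLE_COMMAND_LINES))
```

Run as-is it reports the two `taskkill` lines, the combined `cmd.exe /c vssadmin ... wbadmin` chain and the separately spawned `wmic shadowcopy delete`, and the Chrome control line stays silent. In the report the chain and the `wmic` child appear as two process entries, so a rule that keys on the parent `cmd.exe` command line catches the whole sequence even when the children are short-lived.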
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dropmeafile.com | udp |
| GB | 18.245.218.26:443 | dropmeafile.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | assets.lsdsoftware.com | udp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 99.84.9.70:443 | assets.lsdsoftware.com | tcp |
| US | 8.8.8.8:53 | 26.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.9.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| GB | 18.245.218.26:443 | dropmeafile.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | support2.lsdsoftware.com | udp |
| US | 23.19.69.193:443 | support2.lsdsoftware.com | tcp |
| US | 8.8.8.8:53 | 193.69.19.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 23.19.69.193:443 | support2.lsdsoftware.com | tcp |
| US | 23.19.69.193:443 | support2.lsdsoftware.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9050 | | tcp |
| US | 8.8.8.8:53 | 193.98.74.40.in-addr.arpa | udp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:9150 | | tcp |
| US | 8.8.8.8:53 | 92.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
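Most rows in the Network table are the sandbox image talking to itself: reverse lookups (`in-addr.arpa`) sent to 8.8.8.8, mDNS to 224.0.0.251, and Chrome/Edge background traffic to Google and jsDelivr. The rows that matter are the repeated connection attempts to 127.0.0.1:9050 and 127.0.0.1:9150, the default SOCKS ports of the Tor daemon and of Tor Browser, and the handful of external domains that the browser baseline does not explain. The following is an added example (not code from the report or the sandbox vendor) that parses rows in this table's format and sorts them into those buckets. The sample rows are copied from the table; the set of background domains is my own assumption for a Chrome-equipped Windows image and must be tuned per environment. Rows that fall outside every bucket are only marked for review, not asserted malicious.

```python
"""Triage a sandbox Network table: separate sandbox/browser noise from rows worth
an analyst's time. Added example, not part of the report or its tooling.
Sample rows copied from the report; BACKGROUND_DOMAINS is my assumption."""
from collections import Counter

# Constructed sample: rows copied from the report. Two of them show the
# extraction artefact where an empty Domain cell shifts the protocol left.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | dropmeafile.com | udp |
| GB | 18.245.218.26:443 | dropmeafile.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 26.218.245.18.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | | tcp |
| US | 23.19.69.193:443 | support2.lsdsoftware.com | tcp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
"""

# Assumed background traffic for this host image (my list, not from the report).
BACKGROUND_DOMAINS = {
    "ajax.googleapis.com", "cdn.jsdelivr.net", "content-autofill.googleapis.com",
    "region1.google-analytics.com", "chromewebstore.googleapis.com", "www.microsoft.com",
}
TOR_SOCKS_PORTS = {9050, 9150}   # Tor daemon and Tor Browser SOCKS defaults


def parse_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        # Rows with an empty Domain cell come out with the protocol in the
        # Domain column and an empty Proto column; put them back.
        if domain in ("tcp", "udp") and not proto:
            domain, proto = "", domain
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def triage(rows):
    """Bucket rows; order of the checks matters (loopback Tor ports first)."""
    buckets = {"tor_socks": [], "reverse_dns": [], "multicast": [],
               "background": [], "indicator": []}
    for r in rows:
        if r["host"] == "127.0.0.1" and r["port"] in TOR_SOCKS_PORTS:
            buckets["tor_socks"].append(r)
        elif r["domain"].endswith(".in-addr.arpa"):
            buckets["reverse_dns"].append(r)
        elif r["host"].startswith("224."):
            buckets["multicast"].append(r)
        elif r["domain"] in BACKGROUND_DOMAINS:
            buckets["background"].append(r)
        else:
            buckets["indicator"].append(r)
    return buckets


def indicator_domains(rows):
    """Distinct domains left for review, most frequently contacted first."""
    counts = Counter(r["domain"] for r in triage(rows)["indicator"] if r["domain"])
    return [d for d, _ in counts.most_common()]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    b = triage(rows)
    print({k: len(v) for k, v in b.items()})
    print("review:", indicator_domains(rows))
```

Whether anything was listening on 9050/9150 is not recorded in the table; the connection attempts alone are the indicator. On a production host, repeated connections to those loopback ports from a non-browser process are a cheap Tor-client signal worth correlating with the process that made them.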
Files
\??\pipe\crashpad_1900_YOKEIVZXOPRNGLIK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6a26d08ef255693260b6f46022976471 |
| SHA1 | 4fcf4e48df0609f7eb60693a98cb15f80ea9b39d |
| SHA256 | 4b4b53944fb121a8fb2319dbfd51b87282a4171b076c45c6a404093cc422450b |
| SHA512 | dd07e7c048c7fcd9f1236e88176e77009203c047cae6fa8befcb58224f1babf60f30dd9400044780faa9267607cc03853ebe927ebe956c1d5392a57e282c86cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 03540582246df1f97dbca0ad891bc03f |
| SHA1 | 3f0bba1175ffbd00ac357313e17ea33b10d2ad1c |
| SHA256 | 27af1df2a1f3423eddc99f9bb83d9e88ceb1ea18b9c23ca0e323bdc6ba8dafcb |
| SHA512 | 97d066f82d1d8c6ba6e3f50c5593fd8aa1b146bcea6d48888b016b15299b5f7905e8157fd4f2508ac511846435794ad8f93706e79ec551a2e6d1d613bbbd7f70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3210a113f188445a0ec71a1cdf9a7fe1 |
| SHA1 | c12abb56c0bc7b77fd7914d8c0d351abad82cd3c |
| SHA256 | c75a3b598b1372b2fc47d3ce1859fef163b8483729875f6fb501d824572060b7 |
| SHA512 | fc87166ea079598451ce40c461fb40a2fad72f04aa7d777fb08f01bde7f099b4cfe7e7a815a1c19f7bf3079b2cb7a1590587e9f945c2a494bc42c2500fd02963 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bdd768e4e71ecc776c3ca9142cfe8a96 |
| SHA1 | a22522804bc87169fe66499d09b7fd0a9baca3b8 |
| SHA256 | 0577ebb876f637e752b35c98552fd3a5e695c02eed866ae3dd08bfbc7dd8303b |
| SHA512 | 6d487834ac70ffa130f3dc083f47be328af3405c53d10cb38e275a98f3d8185ac1686713d80b8012d9f56567dd3bdd43d360811e0ee2292126c0cf2e25f64a5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 044f964e447589507396b6d051700a01 |
| SHA1 | fff91c26e4602a1da446a4acd2dfcdb24d22c435 |
| SHA256 | be64bdc41ecc3006c01c0e8778c83418919a41d75f8e7ad616b1dcd9fd96d4d8 |
| SHA512 | ba54b17b997fe483fa5a87b3e55699eab1d9f0d61ce4c69b47e3fe5639edc822d0fb4387af6a0918ddd763c72aa8e5f0cb6f37fee4bb991327ef5a9928768f10 |
C:\Users\Admin\Downloads\Unconfirmed 321285.crdownload
| MD5 | 5c7fb0927db37372da25f270708103a2 |
| SHA1 | 120ed9279d85cbfa56e5b7779ffa7162074f7a29 |
| SHA256 | be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844 |
| SHA512 | a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 763aba1855c007f0e23457ad2d476247 |
| SHA1 | b81eb574a3d333bc1ba46f056189af8a6892d864 |
| SHA256 | 748067a4fdb8f1ad0e8f956ae4e986063abe1b186d7e1c3717e8b319b5d430dd |
| SHA512 | 9051ccdbd26ead8238591f63829e0c94bf42847cc125a2c9ec3114fc0adf065595d5fbffb6bfde72f7dc82adf7a0082cb6900ff6958a1bd53091b5110dbec475 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c9c97aa87c071f3d5881de862873a7af |
| SHA1 | 1cf37578f0f49eb92017a35cfdceec246e8dd97e |
| SHA256 | 9eab53d71733ab8a4a6fb2af4f60d0238a47ff3edf0aad369c29af231820dd3a |
| SHA512 | 6dbabf23eb9ea6c57c0878dbe7c84e8febd96fe5f361d9d4d84fd349008fa4db8fc124d8f0b3e63b9db6e5d22acaab8ae3f98202efaa744605c6b15a85ba4e0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9b17ee5b82c75ea274f36eab829eb137 |
| SHA1 | 320af61debfbfc7c968e55b832121756cb7c9914 |
| SHA256 | e10cd56c1146e3210b745a522b7136176b50f7fd0dac980faf08df4d81e0d62e |
| SHA512 | eb2f34ccac29bc02565504092e7d6c9bf4c26f125e967b5fa7911bccc4cff599200504667f37fe0eb1955437f508977f392c6681b4e4cfdb990b6f87a1a899ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d99f705b8b1fc26f960361c3007cce54 |
| SHA1 | 8d38e702941e00d32a352f0e86da002e2591d790 |
| SHA256 | 5af1235a35804321783b611838333da2e6158ebf2d7d498f76a97e429948bbf1 |
| SHA512 | 73944aa8ee06d8df26473f632dbfa94432d20a2a96f75cdfdbd2abf0fd11b22d66978e2c9182be00529a051ad0c3d0384023fd35aead11d89677c1f13d6b3e09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d55fe63a1706f2b4747e08111ea64a4b |
| SHA1 | 09b23fd0c36bd16621603ad39e9359fc07463f7e |
| SHA256 | 9dcb7cffd6197b4b9d8c172065fd45e23a094b2306aefee9459dde1bb6b4e638 |
| SHA512 | bb822cee519cbfe3e10fc237b4a638411424ba41fc7024982cb875291d1ca3ec03a363dc9738fad51835962ab771893cd3cc0d1426d82422d1320e4b3314e2a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 1a18c6516286196cf050a0446033a656 |
| SHA1 | c364027fa9114c65e54358cc3fae74a94e7bf4b9 |
| SHA256 | 23eab7531cc8d808055db1751b0f91f8bf3c105776d47bbd4fd29483725c3e0d |
| SHA512 | 53153865b6b2ec59c819bf7b5bc31f6b9b5e6cef6ca9262e8605c8553269aee7f7e84f6c0996fd07d3630663852326b06f9ba2fc778901b63e55b46f15f7b8e5 |
memory/700-239-0x0000000010000000-0x0000000010012000-memory.dmp
C:\Users\Admin\Desktop\u.wry
| MD5 | cf1416074cd7791ab80a18f9e7e219d9 |
| SHA1 | 276d2ec82c518d887a8a3608e51c56fa28716ded |
| SHA256 | 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df |
| SHA512 | 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5 |
C:\Users\Admin\Desktop\277271716017239.bat
| MD5 | a112cca9dc4d4389853960a4090375ee |
| SHA1 | a41ef3b4ca3e316d1bc4095aedf80b07ccc2d045 |
| SHA256 | 16cc3752392a4575db02c89c72f0808bd7e6b37ed5c69490a248b9309907c7b3 |
| SHA512 | 470af17cc72848693327b30794a6f6d00ae77693780645259b5ed02256e3b1a9dd895489eca7e6a0dd558ce40e6e18ee3c3666fe0119935e6a1ca1bcb7e0ccd0 |
C:\Users\Admin\Desktop\c.vbs
| MD5 | 67ac56e98bdb0c90862e8472916f11ab |
| SHA1 | f961a11be9a04743f3e053a2bf46c12b9471fd28 |
| SHA256 | 6e20336f20c42fc21f30dc362dfea245333b195597a42bb7c87143283be8ea10 |
| SHA512 | 24267afc873e725d2c07bf51ce5b7e40026966a94919624baeb0d605770b9e64164948f9330b7e1910a913651b58132bffc76ceb4f0f8a5cecb9a56349bbc1da |
C:\Users\Admin\Desktop\!WannaDecryptor!.exe.lnk
| MD5 | 1aa901ad6a69456fae0b48130472f749 |
| SHA1 | 8fa232b17e1c1b8aeb1acfa8e36b79b4aac21899 |
| SHA256 | b3b89c00ab6b3adba1c3c01586cb5806ba46613f1fe7f913ca9f40cc2944de56 |
| SHA512 | 668ab147b1b36c6067931823b978e59e6d3715f5b42c46677804af01eda4618dc6cefb00bd0c8af34d50939612fce52001f2ab53c6e4a4e44c70f329ad8dc7d7 |
C:\Users\Admin\Desktop\!Please Read Me!.txt
| MD5 | afa18cf4aa2660392111763fb93a8c3d |
| SHA1 | c219a3654a5f41ce535a09f2a188a464c3f5baf5 |
| SHA256 | 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0 |
| SHA512 | 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b |
C:\Users\Admin\Desktop\00000000.res
| MD5 | cfd185663a2ade86982975dd2bb7b2c3 |
| SHA1 | 6473b2c8ba090f3360261c785b6e72b978394d1b |
| SHA256 | 101c147b9feb4b2e1cef0a5e01d4e24cbf45a8344ac0dcae546f1fcdd469945a |
| SHA512 | c13b8aa235ab03171c2afaadd62073113323dc212a3f9ab007d877634c38d261e7c753abef03657b4a48440748dd41ca8fcdedd51e81806242d4a8a49d595744 |
C:\Users\Admin\Desktop\c.wry
| MD5 | aa4575a1cd4c84ab72d60eff429bda90 |
| SHA1 | 7362da1fb9238f01e056c66552ab480b4acc6d0c |
| SHA256 | 73786004072d90fa45d81e23d7ddff9d8f7d5426d490741032a3106f5ebaecd7 |
| SHA512 | bbf2b58a5856f9440f9852290972b8ae4784c4212b86f1eee6f7f3f4cb0b3e5ce34279b737cec649bad8fa0d5e2862a0dddb282f26df74bfb9a64b47cf64d3e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
| MD5 | 84b1c5ff6f1b1da82df3ed3a20ff9211 |
| SHA1 | 1c13a7bf24213cc6919c9a419c792b963457a32d |
| SHA256 | 40060faf469d2cf91572b5db3ff8d5b5070bacad30c8fbdc13193901be5bd1a5 |
| SHA512 | 4ffc3f2ebb4a401f02fc17d4e420e0b87acc3f3f6562282a7eb5fda3fd44b4971586683cc67eedc993f246b97f72b1e503cd92694636e05bd8e3bbed2e6d0dba |
C:\Users\Admin\Desktop\00000000.res
| MD5 | a14808a85d19d10034dad9c96678dc2d |
| SHA1 | 92062322d726503943d29494c2358362dd75719c |
| SHA256 | a74ec0734c269c66d8b52ab32e34238b0a70180fbe10790efe805a2b960cd188 |
| SHA512 | c84f6c3a23f521d5b51048c8ed302ea2a484ebcb729c5df574948f60694ce2d1f6b2bdbd81fa1350af6a28ea78e94ae2f12c8f2d2329197d3dee816a9d6f4953 |
C:\Users\Admin\Desktop\00000000.res
| MD5 | 7371dcb9784da7a6b94b966a3501e0f8 |
| SHA1 | 0ed30a74893e5f98a47de274e35e6355cddb1675 |
| SHA256 | df758a687d13f1f033164bbd4e97aec03f7cf61d0e61cc97719cc51c6263fba8 |
| SHA512 | 8ac05c3a2faaef4e1f48ebe7d03f06cfe12ce8a5f9b83f5dc7fbc48b9fbc2e6a6e649f436fad620a48cf1dab8b7e7370fcaea987bd369ea03d03f88d73230021 |
C:\Users\Admin\Desktop\m.wry
| MD5 | 980b08bac152aff3f9b0136b616affa5 |
| SHA1 | 2a9c9601ea038f790cc29379c79407356a3d25a3 |
| SHA256 | 402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9 |
| SHA512 | 100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496 |
C:\Users\Admin\Desktop\00000000.res
| MD5 | 4172c5d71c5e23883a4c8bb4452f7e5a |
| SHA1 | 6d08f2327f38903e7a6b855f6374a557f6ed3afa |
| SHA256 | b72d12e2bca26f87bc35795cfb16ec0bb420fe34f437d66b00bdcaa28ba9a85a |
| SHA512 | 7c211f0d05b7c3cfb5ef3b0494df651a305b29e6c26a2beba8d80cf73d19df8af696fb1184ee51f166be4c335074172a7df8a41544126a3b4efbfa0bcd371afc |
C:\Users\Admin\Desktop\r.wry
| MD5 | 880e6a619106b3def7e1255f67cb8099 |
| SHA1 | 8b3a90b2103a92d9facbfb1f64cb0841d97b4de7 |
| SHA256 | c9e9dc06f500ae39bfeb4671233cc97bb6dab58d97bb94aba4a2e0e509418d35 |
| SHA512 | c35ca30e0131ae4ee3429610ce4914a36b681d2c406f67816f725aa336969c2996347268cb3d19c22abaa4e2740ae86f4210b872610a38b4fa09ee80fcf36243 |
C:\Users\Admin\Desktop\t.wry
| MD5 | 5557ee73699322602d9ae8294e64ce10 |
| SHA1 | 1759643cf8bfd0fb8447fd31c5b616397c27be96 |
| SHA256 | a7dd727b4e0707026186fcab24ff922da50368e1a4825350bd9c4828c739a825 |
| SHA512 | 77740de21603fe5dbb0d9971e18ec438a9df7aaa5cea6bd6ef5410e0ab38a06ce77fbaeb8fc68e0177323e6f21d0cee9410e21b7e77e8d60cc17f7d93fdb3d5e |
C:\Users\Admin\Desktop\00000000.pky
| MD5 | ed63d946db84060a48d779749d5f2d95 |
| SHA1 | 6889d4adad06bf1383335f1a25a82bd152d4b855 |
| SHA256 | 4b0034ea9c354826f6432a415f6dcc376940661051fb5a06b9445eb061b98310 |
| SHA512 | beb81351f1fd56baa9bd09095512da0ed41862449d5d1e81f8c9eeedd33bf52ea5567f33f7b874544b77f7b96b78c6a3bf796395fb0310a72fd82ffaa23aadc3 |
C:\Users\Admin\Desktop\DenyBackup.vbs.WCRY
| MD5 | aaee51e61d322426de330fd4407cc595 |
| SHA1 | 010ea6644266ab1e89f681e4c169143fc200cf76 |
| SHA256 | dcbd6dfaf2fefb2e46f4bc984866581fceb3db062b62302819d43a5358199010 |
| SHA512 | 90a9eff33a6eb5f0e555461768a1e6e8bbcc81ba302f716ebfc5a734965a4e35de835155291757c3d0ff953416c3551511a1d432747b3b5787b37cbc252a729d |
C:\Users\Admin\Desktop\ExitWatch.xls.WCRY
| MD5 | f6f13a7998be64489c819e97f9c3f201 |
| SHA1 | 55c0e1a76d4c491c3e064f03019a808d4b30e950 |
| SHA256 | f8b4c358c61c4f8543b38f46d04c0663e4d6faa67022d8631785e898aceeedd3 |
| SHA512 | 5d0f5fc1605783095b56fe9a70047e8e6c621e0bf644acba260e122425dcc9eba5f4de06c4e3e269068f1533872f9df58b47816d92697bd2d591a35d65aebfad |
C:\Users\Admin\Desktop\CloseUnprotect.exe
| MD5 | 7db52c773aa4cced07e0e764a525f35a |
| SHA1 | f13f80df32828d69e0c1b48d6015a672d095a795 |
| SHA256 | 67b8afc36c3a5c452d2d452eacc7d68ee1f4d1f711bba00210f4fbe5e4be2ee1 |
| SHA512 | 2a60a85cb81607cd961a0e76351b100ba0c74fe899024166f40bd1fad190e87082109fdd0b7f5c8f807b1a0c8c74347ca719ec8686e705d0051d2de612a0164a |
C:\Users\Admin\Desktop\LimitConfirm.potm.WCRY
| MD5 | 8475c968a14500a694536378a9a2aa13 |
| SHA1 | 3c900646b1309a238fe82b51af22b3d36eff69c2 |
| SHA256 | 5f412070e47609b5e2c9cff0b3f8fa499403c035b82294d362311d556eff16e4 |
| SHA512 | 564dfda78a11e53f014b1162e15c9ac4136101c767874c41a265d2bcdb08fd380f34d228d0bf6744d83daedb08549111e114ac4724e7c7a55a9f244d11063f70 |
C:\Users\Admin\Desktop\CopyEnter.3g2.WCRY
| MD5 | 4c0190cdd212673cdebb8fb0c3c74ae9 |
| SHA1 | cb19418e4566f1e173ff197bb4354ef5eca9de4d |
| SHA256 | 0a3e92eb50af535a977621edb7225bb292137c00b7a0c62ee703c46602184f18 |
| SHA512 | b66ee78d75fa34147f180eb5d3b4209bdd9a1dcfce0fc92d11784d89de0404eff1691e6926ef03e0008ab1d4e3ce3f6ad5db4252b4146f8499c07f4ce1f9516b |
C:\Users\Admin\Desktop\OpenDisable.mov.WCRY
| MD5 | 480edd8581310724f1cbc0942420e4f0 |
| SHA1 | df0ed462f5ca52b7c5873ba65a620b0497c4601c |
| SHA256 | 527d1cfb9fa713bb96b31efc4b0de0d77f8f72ede1c8d46d767fe530f2c295b1 |
| SHA512 | a72778bfe1aadbc6e67ac179fbc5906f1c08ac0749bb583ea8081b375604ef67bec25d4cc27bd5e02c5cb849d489d3e629310baac5720e5ef1ec357ffb960ee7 |
C:\Users\Admin\Desktop\InitializeReceive.cfg
| MD5 | 49bc0ae7f7e30447d41e15b0bd765cd6 |
| SHA1 | e8e09d2077f9c828422e3572228382b5d6a8aaad |
| SHA256 | 99aace32f6285a7ab0d4ef784a774f8c231d105b89da6a492a168c40e281d9ef |
| SHA512 | 07b3ed56ba4f03893f40bdeb479e4fe18e8e7bdf4fb2b05f49c044b045447e865b49b703e305586054b3634637b80837cb11020128fc1a801beac30eab3057c1 |
C:\Users\Admin\Desktop\ResumeClear.sys
| MD5 | eb46354b0906a7887de4b132912d62be |
| SHA1 | 37d63d75a8fd91b691ba69dce107d61dd2d9a802 |
| SHA256 | 0d0e7e2d528515ac94619d0d8d44adabdac88d534a91063dd363f08bc48707a7 |
| SHA512 | b63d921955fd4a3111967829ae4e9b35f456ef2e6eee6a01280decc521b81c99268d950ddb81638754f075b86f365b5e3f2814fd0399436a1b80e344dc8e35e9 |
C:\Users\Admin\Desktop\TraceMount.wmx
| MD5 | 6e1199455e442fd9bd0dcf997c0faa87 |
| SHA1 | 89f6dad3bea9aee7f2c9f6306d576d49894cd37c |
| SHA256 | 5df1ab6155381ac0d2e7427addccefc6d4451a3815874611be4d5e6ef97dc3ba |
| SHA512 | 79fb7daed72b7fe372c45a618b8befc19ee63080d659611209cefa1472775d6f0c77a57c43b95953699c0ad59461116281d275c93b8201602985c55141340b92 |
C:\Users\Admin\Desktop\UnblockCompare.vbe
| MD5 | 67fce6684d8a241cbf9f44570f4c0247 |
| SHA1 | f3e79d9ba322f0a1715da9f694b0efebfbe74d66 |
| SHA256 | 9ace8ef0573059dcc7cd69e6e6b58afbbe295e9134d0b04aa0b1d48810f350c7 |
| SHA512 | db92e14165e46f598eb0a7b0e8a62a838243c14206d0dc2ad3669d64c74caed0f7bd0b72d09a85ab4cbfb3c2d478c264eda7d2696afdfe7bbb012db3101180ed |
C:\Users\Admin\Desktop\WatchUninstall.nfo
| MD5 | 44f28bafcc41981ff8154ec14271e06c |
| SHA1 | 94b785f8998d2cb90a7947f4ef5f994192617516 |
| SHA256 | 634412833386740deff1b9275bfa186712522c62b1b2d644923e2032abc41a1f |
| SHA512 | c86eec2f91fd60cb5d844babaea38dc4fc06e2a51d23f882eb15104aa5a83c371991aaafed7ea4f95f005fcbda9c2de267112a225ad4380d823ec784e35a2002 |
C:\Users\Admin\Desktop\WaitResume.contact
| MD5 | f7ff424bf42a7ff0324636b977ef6ed9 |
| SHA1 | b74f6b8dcb3451a727c32a24a2a28e1096b2c505 |
| SHA256 | 1c46fa427a9254721eade2361905d67c7774cbb3fda332adb9677cf60334c7d5 |
| SHA512 | 012c61ed053f81bde8a8627ccd694fafe16fb223d4944c2b80e589fd95e75ebcedd71c237212bd45bf8b6a14ff91c3493e613a5e561f06435b0fd2dc98f0d36a |
C:\Users\Admin\Desktop\RenameExit.avi.WCRY
| MD5 | d3cf7a7619038f7455ca73c1400072c5 |
| SHA1 | 3161b58437044796c79215802dc9f6d0d8b3c4a5 |
| SHA256 | 0751e15074712502e989009a00730908f3f5344361c1115a7ae8acede6cdf45b |
| SHA512 | 6cd355521f081453b8dc5e329d4e2b5af05864847e66a1799b7fecc63e33209ce0d3766b3fcaa4ac66fea57a4934178502d4f5d4347c249477bec8b6d384d5df |
C:\Users\Admin\Desktop\EnableInvoke.dib
| MD5 | b9e4996c4d5c637960236c93d7184410 |
| SHA1 | 405a85d6143da74f0ce96f9497e4db9eb5c5c193 |
| SHA256 | 4df48ed1dad854a2275fe2150cf270e7aa4774be47a812cd51c1671b1a62769f |
| SHA512 | a5bb16c612151845526614d61434f657408dd8be3af87397d6b3f487ff7b1d153c46a36154ed695c4a4328fb1dd849a21b59695e3b200694c9964e55ed883375 |
C:\Users\Admin\Desktop\FindOut.vdx
| MD5 | 38146d5fdee41c1509300360811f69ec |
| SHA1 | 46efabd4d6b4e64e6d19fe6dd5f217879d7a7e95 |
| SHA256 | 7254e1507c2664ddfe8c64d6dbed56d440f56fc1d7fdcced8ad17b269122ea2c |
| SHA512 | 78de66d5f366607913c9b38661bd7d4ecb9b0cefe5880ea86630a28a921031e81924936c4c15ce700db24f29abd39b5718f870600b54160adb34986f56174363 |
C:\Users\Admin\Desktop\f.wry
| MD5 | 4b35a56a11f9955cd2a2714770a3164e |
| SHA1 | 8bfd92fc0c0e690fa2bd005611a63bc29543b8fb |
| SHA256 | 31e2f5742018a512938319fde1820127815f57a493aad4eb0a8272dc4bf54713 |
| SHA512 | 2c941da857b51870c9d5cbdca875eff6f0c9befa2b28806c2ee94e74b2664238e8b05717359436eeaef703d6e5f7ba3f75882b3223c78fab24959f4803b607fb |
C:\Users\Admin\Desktop\RedoRename.mht
| MD5 | f97aaf7cf5ac486573a17b1da5690c86 |
| SHA1 | cf2914e5815fec4c47669008cdfcd2477fa0b965 |
| SHA256 | d35ca796415ab64b1f824749ffa2bdfadbc7b1d6ec3b13e4d46bb8c84114b051 |
| SHA512 | f0dfa6beb05ecdd48463811a79b284b5552263b1d4f37444afba33d3a4e2673f076c818e53ea216b04425669446b0abd10c61db6954af4f6fe91f925648e422a |
C:\Users\Admin\Desktop\RegisterTest.m1v
| MD5 | 9e6f3c5b4fe606248b973962b137d175 |
| SHA1 | bd60fac173582137ee29ffe95abe36c44d49bc8b |
| SHA256 | 4bca27c0bdbf9895edaa84492115226e11a30ea3d22bf9b578bb3853666a3b17 |
| SHA512 | 8d770307ca7ce52aacc437a74d4ca869be26bbec3729f8ac0fabeb8e67b22c0f9d2e3a4d9d5a720731029d0f0da047529c729555c60940c4a7224627d7edb0a8 |
C:\Users\Admin\Desktop\ResetLimit.html
| MD5 | 8c60f6f755830c85356a24cb29d6c204 |
| SHA1 | a48725171f982f7d7415e7d02b46025a46c4baed |
| SHA256 | 848c4a637557643e5f795381752b194d161c0db9bdad61763664897efd3c5da0 |
| SHA512 | e54e1c89724538b18187c09afc2c179f559afb676251b7217fada7b36067276fd81aa36d804bb2edf2f574dc6a5095dcbd77f5dcd7c42016934b325abd7edce8 |
C:\Users\Admin\Desktop\ResizeComplete.mht
| MD5 | 88c94831c7d0e785c38228604630d64b |
| SHA1 | 6f8953bb1bca6a2df214eb27add865b7a67684ee |
| SHA256 | 29ed4daa91535dbcb7d793199f494931ba2090548ca42a192e730770062d9140 |
| SHA512 | 83385bd9818433a82935e59fd2b7984333f1f4fb094ba41333f6f314b99d9d1410edc3910a70b78b82d6d077256ff88d496087ee9d3dafdf49c9da587af24f5d |
C:\Users\Admin\Desktop\SendInstall.wvx
| MD5 | faba6fc5af53edd6133a82f2264bfb8d |
| SHA1 | c568216552370cc2c0db4d1de445624c5ca1a03f |
| SHA256 | cfdd4be31efeadc78b7c79a78abc992806eee0d55dbf50ccd47c310ad3b47ca7 |
| SHA512 | 1240f9df217f0e241402c893790876484e04dd9bf8e57d90e15a1417df2b4069e870be08f9274cfd87930f9222c4c15f42d225f9e803a85b1fe1723ca95a851a |
C:\Users\Admin\Desktop\SplitExport.wmf
| MD5 | e3eea12b51db25db2e71aa9ba0d32026 |
| SHA1 | 669565c0704c8b7e1799b6efd756357552c7f065 |
| SHA256 | 864fa6b5b72101706c9697ab9d8d7d1917039945a6a9ab0dd8035c6e114f2162 |
| SHA512 | d2b42dad8a68a3e0623a12ae5ca00fa7ae1568c0abf77a2d13c7e6c4ea37be09fff5d8912307078c42fa88340a901902a97d0a7f1ed420305388d91b2aaf47d0 |
memory/4556-1633-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1635-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1634-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1642-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1645-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1644-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1643-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1641-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1640-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/4556-1639-0x000001EF3BA80000-0x000001EF3BA81000-memory.dmp
memory/1828-1660-0x0000015990A00000-0x0000015990B00000-memory.dmp
memory/1828-1665-0x00000161929C0000-0x00000161929E0000-memory.dmp
memory/1828-1662-0x0000015990A00000-0x0000015990B00000-memory.dmp
memory/1828-1661-0x0000015990A00000-0x0000015990B00000-memory.dmp
memory/1828-1691-0x0000016193040000-0x0000016193060000-memory.dmp
memory/1828-1678-0x0000016192980000-0x00000161929A0000-memory.dmp
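The Files list mixes four very different kinds of entry, and only some of them are blocklist material. The `crashpad_*` pipe and `persisted_first_party_sets.json` carry the hashes of an empty input and of the two bytes `{}` respectively, so they say nothing about the sample; the `Chrome\User Data` entries are the sandbox browser rewriting its own profile; every `*.WCRY` file is a victim document whose hash is unique to that victim; the `.crdownload` in `Downloads` has the SHA256 `be22645c...` that the sandbox used as the executable's file name on the Desktop, i.e. it is the sample itself. The following is an added example (not code from the report or the sandbox vendor) that parses entries in this list's format and applies exactly that split. The sample entries are copied from the list above; the artifact-name patterns are my own selection from what this report shows for this family.

```python
"""Turn a sandbox Files listing into a usable IOC set: drop content-free and
browser-profile hashes, keep per-victim encrypted files out of the blocklist.
Added example, not part of the report or its tooling. Sample entries copied
from the report; name patterns are my own selection."""
from collections import Counter
import hashlib
import re

# Constructed sample: entries copied from this report's Files list.
SAMPLE_FILES = r"""\??\pipe\crashpad_1900_YOKEIVZXOPRNGLIK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
C:\Users\Admin\Downloads\Unconfirmed 321285.crdownload
| MD5 | 5c7fb0927db37372da25f270708103a2 |
| SHA256 | be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844 |
C:\Users\Admin\Desktop\!WannaDecryptor!.exe.lnk
| MD5 | 1aa901ad6a69456fae0b48130472f749 |
| SHA256 | b3b89c00ab6b3adba1c3c01586cb5806ba46613f1fe7f913ca9f40cc2944de56 |
C:\Users\Admin\Desktop\ExitWatch.xls.WCRY
| MD5 | f6f13a7998be64489c819e97f9c3f201 |
| SHA256 | f8b4c358c61c4f8543b38f46d04c0663e4d6faa67022d8631785e898aceeedd3 |
memory/700-239-0x0000000010000000-0x0000000010012000-memory.dmp
"""

# Hashes of inputs that carry no information about the sample, computed rather
# than pasted so the comparison cannot drift from the real digests.
CONTENT_FREE = {
    hashlib.sha256(b"").hexdigest(): "empty file",
    hashlib.sha256(b"{}").hexdigest(): "empty JSON object",
}

# Encrypted victim files: hash is unique per victim, useless as an IOC.
ENCRYPTED_VICTIM = re.compile(r"\.WCRY$", re.I)
# The family's own dropped artifacts as this report shows them (my selection).
FAMILY_ARTIFACT = re.compile(
    r"(?:\.wry|\.res|\.pky|!WannaDecryptor!\.exe(?:\.lnk)?|!Please Read Me!\.txt"
    r"|\d+\.bat|\bc\.vbs)$", re.I)


def parse_files(text):
    """A path line starts an entry; following '| ALG | hex |' rows attach to it."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if current is not None and len(cells) == 2:
                current["hashes"][cells[0].lower()] = cells[1]
        elif line.strip():
            current = {"path": line.strip(), "hashes": {}}
            entries.append(current)
    return entries


def classify_entry(entry):
    sha = entry["hashes"].get("sha256")
    if not sha:
        return "no_hash"             # memory dump lines carry no hashes
    if sha in CONTENT_FREE:
        return "content_free"
    if "\\Chrome\\User Data\\" in entry["path"]:
        return "browser_profile"     # sandbox browser rewriting its own profile
    if ENCRYPTED_VICTIM.search(entry["path"]):
        return "encrypted_victim"
    if FAMILY_ARTIFACT.search(entry["path"]):
        return "family_artifact"
    return "review"


def summarize(text):
    return Counter(classify_entry(e) for e in parse_files(text))


def ioc_hashes(text):
    """SHA256 values worth a blocklist: dropped artifacts plus unexplained files."""
    return {e["hashes"]["sha256"] for e in parse_files(text)
            if classify_entry(e) in ("family_artifact", "review")}


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_FILES)))
    for h in sorted(ioc_hashes(SAMPLE_FILES)):
        print(h)
```

On the sample it keeps two hashes: the downloaded executable and the `!WannaDecryptor!.exe.lnk` shortcut. The `.res` and `.pky` entries are caught by the same pattern if fed the full list, but note that `00000000.res` is listed four times with four different hashes, so it is rewritten during the run and a hash of it is a weak indicator; the file name is the better one.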