wannacry | hxxp://download3[.]vmware[.]com

Analysis

max time kernel
456s
max time network
455s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
18-05-2024 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://download3.vmware.com

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

Processes:

[email protected]

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD3A39.tmp	[email protected]
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3A40.tmp	[email protected]

Executes dropped EXE 17 IoCs

Processes:

[email protected]taskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe

pid	process
7048	[email protected]
2356	taskdl.exe
1428	@[email protected]
4952	@[email protected]
7156	taskhsvc.exe
6704	taskdl.exe
7044	taskse.exe
4440	@[email protected]
7120	taskdl.exe
6996	taskse.exe
6376	@[email protected]
2244	taskse.exe
6548	@[email protected]
3772	taskdl.exe
2176	taskse.exe
2860	@[email protected]
6852	taskdl.exe

Loads dropped DLL 6 IoCs

Processes:

taskhsvc.exe

pid process

7156 taskhsvc.exe
7156 taskhsvc.exe
7156 taskhsvc.exe
7156 taskhsvc.exe
7156 taskhsvc.exe
7156 taskhsvc.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1804 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
7156	taskhsvc.exe
7156	taskhsvc.exe
7156	taskhsvc.exe
7156	taskhsvc.exe
7156	taskhsvc.exe
7156	taskhsvc.exe

pid	process
1804	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sypsbogrtxzf045 = "\"C:\\Users\\Admin\\Downloads\\MalwareDatabase-master\\ransomwares\\WannaCrypt0r\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

Processes:

flow	ioc
125	camo.githubusercontent.com
129	camo.githubusercontent.com
158	raw.githubusercontent.com
157	raw.githubusercontent.com
126	camo.githubusercontent.com
127	camo.githubusercontent.com
128	camo.githubusercontent.com
155	raw.githubusercontent.com
156	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

[email protected]@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings firefox.exe
Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

6624 reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	firefox.exe

pid	process
6624	reg.exe

NTFS ADS 2 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Krotten.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MalwareDatabase-master.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exetaskmgr.exetaskhsvc.exe

pid	process
6596	msedge.exe
6596	msedge.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
7156	taskhsvc.exe
7156	taskhsvc.exe
7156	taskhsvc.exe
7156	taskhsvc.exe
6844	taskmgr.exe
6844	taskmgr.exe
7156	taskhsvc.exe
7156	taskhsvc.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

6844 taskmgr.exe

pid	process
6844	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exe7zG.exe7zG.exe7zG.exetaskmgr.exeWMIC.exe

description	pid	process
Token: SeDebugPrivilege	936	firefox.exe
Token: SeDebugPrivilege	936	firefox.exe
Token: SeDebugPrivilege	936	firefox.exe
Token: SeDebugPrivilege	936	firefox.exe
Token: SeDebugPrivilege	936	firefox.exe
Token: SeDebugPrivilege	936	firefox.exe
Token: SeDebugPrivilege	936	firefox.exe
Token: SeRestorePrivilege	7020	7zG.exe
Token: 35	7020	7zG.exe
Token: SeSecurityPrivilege	7020	7zG.exe
Token: SeSecurityPrivilege	7020	7zG.exe
Token: SeRestorePrivilege	4816	7zG.exe
Token: 35	4816	7zG.exe
Token: SeSecurityPrivilege	4816	7zG.exe
Token: SeSecurityPrivilege	4816	7zG.exe
Token: SeDebugPrivilege	936	firefox.exe
Token: SeRestorePrivilege	5360	7zG.exe
Token: 35	5360	7zG.exe
Token: SeSecurityPrivilege	5360	7zG.exe
Token: SeSecurityPrivilege	5360	7zG.exe
Token: SeDebugPrivilege	6844	taskmgr.exe
Token: SeSystemProfilePrivilege	6844	taskmgr.exe
Token: SeCreateGlobalPrivilege	6844	taskmgr.exe
Token: SeIncreaseQuotaPrivilege	5192	WMIC.exe
Token: SeSecurityPrivilege	5192	WMIC.exe
Token: SeTakeOwnershipPrivilege	5192	WMIC.exe
Token: SeLoadDriverPrivilege	5192	WMIC.exe
Token: SeSystemProfilePrivilege	5192	WMIC.exe
Token: SeSystemtimePrivilege	5192	WMIC.exe
Token: SeProfSingleProcessPrivilege	5192	WMIC.exe
Token: SeIncBasePriorityPrivilege	5192	WMIC.exe
Token: SeCreatePagefilePrivilege	5192	WMIC.exe
Token: SeBackupPrivilege	5192	WMIC.exe
Token: SeRestorePrivilege	5192	WMIC.exe
Token: SeShutdownPrivilege	5192	WMIC.exe
Token: SeDebugPrivilege	5192	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5192	WMIC.exe
Token: SeRemoteShutdownPrivilege	5192	WMIC.exe
Token: SeUndockPrivilege	5192	WMIC.exe
Token: SeManageVolumePrivilege	5192	WMIC.exe
Token: 33	5192	WMIC.exe
Token: 34	5192	WMIC.exe
Token: 35	5192	WMIC.exe
Token: 36	5192	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5192	WMIC.exe
Token: SeSecurityPrivilege	5192	WMIC.exe
Token: SeTakeOwnershipPrivilege	5192	WMIC.exe
Token: SeLoadDriverPrivilege	5192	WMIC.exe
Token: SeSystemProfilePrivilege	5192	WMIC.exe
Token: SeSystemtimePrivilege	5192	WMIC.exe
Token: SeProfSingleProcessPrivilege	5192	WMIC.exe
Token: SeIncBasePriorityPrivilege	5192	WMIC.exe
Token: SeCreatePagefilePrivilege	5192	WMIC.exe
Token: SeBackupPrivilege	5192	WMIC.exe
Token: SeRestorePrivilege	5192	WMIC.exe
Token: SeShutdownPrivilege	5192	WMIC.exe
Token: SeDebugPrivilege	5192	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5192	WMIC.exe
Token: SeRemoteShutdownPrivilege	5192	WMIC.exe
Token: SeUndockPrivilege	5192	WMIC.exe
Token: SeManageVolumePrivilege	5192	WMIC.exe
Token: 33	5192	WMIC.exe
Token: 34	5192	WMIC.exe
Token: 35	5192	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exe7zG.exe7zG.exe7zG.exetaskmgr.exe

pid	process
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
7020	7zG.exe
4816	7zG.exe
936	firefox.exe
936	firefox.exe
5360	7zG.exe
936	firefox.exe
936	firefox.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe
6844	taskmgr.exe

Suspicious use of SetWindowsHookEx 25 IoCs

Processes:

firefox.exe@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]

pid	process
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
936	firefox.exe
4952	@[email protected]
1428	@[email protected]
4952	@[email protected]
1428	@[email protected]
4440	@[email protected]
4440	@[email protected]
6376	@[email protected]
6548	@[email protected]
2860	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 936	380	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 3588	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe
PID 936 wrote to memory of 2104	936	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

3784 attrib.exe
6756 attrib.exe

pid	process
3784	attrib.exe
6756	attrib.exe

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://download3.vmware.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://download3.vmware.com
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.0.1403771665\1576646987" -parentBuildID 20230214051806 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72d4bf80-52de-4fdb-9ecb-09940c7e40bb} 936 "\\.\pipe\gecko-crash-server-pipe.936" 1848 1acd4f0c558 gpu
3⤵
PID:3588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.1.349204373\800099088" -parentBuildID 20230214051806 -prefsHandle 2428 -prefMapHandle 2416 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fa440e9-f854-4186-acf2-e42d1d580be7} 936 "\\.\pipe\gecko-crash-server-pipe.936" 2456 1acc0c8a558 socket
3⤵
PID:2104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.2.937956776\99704159" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3032 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef1f6821-c63c-4534-9c73-459721b87b21} 936 "\\.\pipe\gecko-crash-server-pipe.936" 3000 1acd8033c58 tab
3⤵
PID:828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.3.119429824\1912709228" -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcded591-e616-442e-8ab6-ba9810498df4} 936 "\\.\pipe\gecko-crash-server-pipe.936" 3680 1acd9c21758 tab
3⤵
PID:4996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.4.1431493827\1587835645" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 4528 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09527574-ed0a-49bc-9ca1-8b22150e4df0} 936 "\\.\pipe\gecko-crash-server-pipe.936" 5084 1acdaef8e58 tab
3⤵
PID:5028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.5.464382378\2083137592" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27651f4f-7cb7-481b-b12b-89fbe95702cb} 936 "\\.\pipe\gecko-crash-server-pipe.936" 5220 1acd8034e58 tab
3⤵
PID:4120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.6.1696778617\1829951842" -childID 5 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {412692ca-b6bb-4837-a4a9-b424ef7281c9} 936 "\\.\pipe\gecko-crash-server-pipe.936" 5536 1acd80cd558 tab
3⤵
PID:3580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.7.934636326\1093081401" -childID 6 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45b2dbd1-6222-4d31-b10f-2e3da4ea9b86} 936 "\\.\pipe\gecko-crash-server-pipe.936" 5664 1acd80cea58 tab
3⤵
PID:2380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.8.1494002722\1709182547" -childID 7 -isForBrowser -prefsHandle 5956 -prefMapHandle 5948 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5de7f64-9d7b-4bd3-857b-947b8284aae1} 936 "\\.\pipe\gecko-crash-server-pipe.936" 5868 1acc0c81058 tab
3⤵
PID:2828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.9.77921750\1355419364" -childID 8 -isForBrowser -prefsHandle 6184 -prefMapHandle 6200 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef59e320-8931-4bbb-8cff-aaf72f5db1e5} 936 "\\.\pipe\gecko-crash-server-pipe.936" 3820 1acdb80a258 tab
3⤵
PID:5212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.10.1791359156\94307981" -parentBuildID 20230214051806 -prefsHandle 6464 -prefMapHandle 6400 -prefsLen 27776 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b01155e-9db7-4ea9-a242-14554b71205b} 936 "\\.\pipe\gecko-crash-server-pipe.936" 6460 1acd41a5558 rdd
3⤵
PID:5484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.11.1992064016\1651133155" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6396 -prefMapHandle 6404 -prefsLen 27776 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0aee54e-14d2-4af6-95c2-4ab4c96ea499} 936 "\\.\pipe\gecko-crash-server-pipe.936" 6476 1acd41a4658 utility
3⤵
PID:5492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.12.711184694\1055998471" -childID 9 -isForBrowser -prefsHandle 6728 -prefMapHandle 6732 -prefsLen 27776 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0686e66-624f-4526-8309-6287dc099962} 936 "\\.\pipe\gecko-crash-server-pipe.936" 6716 1acd979be58 tab
3⤵
PID:5820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.13.82844200\682144234" -childID 10 -isForBrowser -prefsHandle 4816 -prefMapHandle 7132 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {338bb9d6-17d8-4f77-898e-167a264509f5} 936 "\\.\pipe\gecko-crash-server-pipe.936" 6880 1acd979ac58 tab
3⤵
PID:1048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.14.231562980\2091071727" -childID 11 -isForBrowser -prefsHandle 7212 -prefMapHandle 7216 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9290acd9-ad02-4b2a-a328-f302d99e0607} 936 "\\.\pipe\gecko-crash-server-pipe.936" 7196 1acd979b258 tab
3⤵
PID:4036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.15.1394353208\1108824001" -childID 12 -isForBrowser -prefsHandle 11388 -prefMapHandle 11368 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03210664-4cb2-41dd-a900-f4cf7db8684f} 936 "\\.\pipe\gecko-crash-server-pipe.936" 11360 1acdae68258 tab
3⤵
PID:5184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="936.16.212219987\2022253681" -childID 13 -isForBrowser -prefsHandle 10944 -prefMapHandle 5244 -prefsLen 28235 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26f5bfb8-51c4-4f62-a25d-a08a6425f587} 936 "\\.\pipe\gecko-crash-server-pipe.936" 4808 1acd9891258 tab
3⤵
PID:6876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault99f08560h1395h48b6ha813hcd8d0888c4a1
1⤵
PID:6172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb125246f8,0x7ffb12524708,0x7ffb12524718
2⤵
PID:6316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10514870243249118378,17498244956850844945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:6584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10514870243249118378,17498244956850844945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10514870243249118378,17498244956850844945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
2⤵
PID:6668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6888

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MalwareDatabase-master\" -spe -an -ai#7zMap31432:106:7zEvent29404
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7020

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\" -spe -an -ai#7zMap22329:156:7zEvent10823
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4816

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\" -spe -an -ai#7zMap13727:156:7zEvent19118
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5360

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\[email protected]
"C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\[email protected]"
1⤵
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
PID:7048

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:3784

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:1804

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2356

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 210121716022148.bat
2⤵
PID:5836

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:5460

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:6756

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:7156

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:4948

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4952

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:788

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5192

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6704

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
2⤵
- Executes dropped EXE
PID:7044

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:4440

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "sypsbogrtxzf045" /t REG_SZ /d "\"C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\tasksche.exe\"" /f
2⤵
PID:3984

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "sypsbogrtxzf045" /t REG_SZ /d "\"C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:6624

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:7120

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
2⤵
- Executes dropped EXE
PID:6996

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6376

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
2⤵
- Executes dropped EXE
PID:2244

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6548

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3772

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
2⤵
- Executes dropped EXE
PID:2176

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6852

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6844

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:3724

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:5396

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Inhibit System Recovery

T1490

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4ad5336dffbe221838f9287ee9432a98

SHA1
e1a1d1d0e2cd9dc496c22b8c4ed0653442c5a965

SHA256
aaf14caf197ed8a5e85131d1a3d8e7d7a353a7b828f40829c96ac3f1de0be103

SHA512
136c7a42ca832f7e2a3dbd7b5d83d2fd776c300fe796683f965cc36de896f66129417aa41330d3be0a78b25248abcc016733e9cd6fdf516178f3a01115477a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
754352c3976759985cb901227b028f53

SHA1
c05d54cfb516452b27cb3fd309764f7b701e8022

SHA256
314566d20f7a7676ba42fa88347d78c6afe0a5f108af208468c7998983e21f98

SHA512
2e219cf61fffd48591d00fa450cf93c8d061c6b4985099853884756971d89e88c291fdca6853ce28d66b35dfaa21f11b10202df9b8bb86a026676e88474de7d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp
Filesize
26KB

MD5
8c13ffd148334edc23eb048108682f1f

SHA1
7508d5b009c4f066ce085827f1c847b259f64ef4

SHA256
6601362babab9b522f6e323794908dac3c02a3aea0ced020e858a0a45fde76cc

SHA512
6ebebe9edc627adf756dbdf17cc77ba9891bc16f0de6b527160c1d277f592f05234125806ac33733255edbcd0add8a1604eeed2e5a1a1ca969aa291e98cbb141

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\16421
Filesize
13KB

MD5
f51a4a20fcbc40559508b87c9b53ec07

SHA1
46c1d95116b34a5b2d33a1c2f498d30eaed325b2

SHA256
91a82f0df00d727a92b47ad550e87a4d06319cc8bb67123486e41ae37723cf0a

SHA512
f18b2d3144eb883f1aeee12f2efef18d82e252dda9636c3e407db67f753155ae258a3d639798fe5d61cbdb32703b6c127652f1fa3e92ce0aab813fb08287c924

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\206
Filesize
13KB

MD5
624e972023d7a2e5ef8cfb0d94d046e2

SHA1
7391f6bf92a7089abca5426ab16a9e553e4fcf68

SHA256
54dcea0c04d383683855a0289b68cc2a341e3061d177bbcfe42bea75655add17

SHA512
a79cfe5968d204f5968064c962fa37c5a9657f2bf0805323bcd79dd15ab8edd6631f6ec917f3ca42247b328eb6b26bdd3f7b03c1bae7d0a286fb27e5f644a65a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\21344
Filesize
64KB

MD5
9240bf43346cbb41785f9795e41d1a64

SHA1
d68dc5c3d385e5594cdc180da96dafc67ffc4de0

SHA256
70b21c48cafb0e83a70032820b781de04992dfee157656f6cc9c533c522f81c0

SHA512
f15b798c2832f041bc7d1e1b3954262a7a1b3812e35424504fa296fc863f76705158cccfeea02d7ae19b88d701ded8330503c338c67a28f324234f4014014aa0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\21989
Filesize
12KB

MD5
dd21be67092fa3a369c6d980509b027a

SHA1
dd75a9910458df28116e34cdf5121c073e853f7b

SHA256
95d88342d218ae8cff9fa14543ceb98a71a055371379c3106fa90882d05078d3

SHA512
e4b05e95c8361b1c6283d8de6e8e684f265f068471f7e13e8e87ddb48c6603b7c46c5c2cb0f65db8e8e29b124ee6405e100d49bff2f30ddc37d8de77e7a0acc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\22938
Filesize
12KB

MD5
686ec7a0f3c439f70abb755bcf67c15a

SHA1
002ff3baace7c9e0c2a919b31ad2b44fd64cbd80

SHA256
3013abb934a533558a39b73b11f4832a0fd0476cc0123fb0dc55e3e6cb8921e1

SHA512
14cf5a4dc259a6e88aceb9046d8e21bbb4540c7e03dc0e40f43fac179c0506ed6dd0c01ed0ed30d207afeb07dc264ba23f6324f0f02cb87a607e0d4b0f825ba9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\23121
Filesize
57KB

MD5
704289fe7d7d7576715b96ce7832b525

SHA1
fa32283e5aaf652c19d6ee7d6705cfe44b4fdd8d

SHA256
23f95d3da9b996a3a35ed6f3f96f9c0428970b250e05ee8d57ac879351fee2bc

SHA512
27a265de894cc41c156ebf86e556893c535e48d3184444f3f0873ea5bdc951673429fc698ee56de3c090e7b760fdb7a17b95af016b961f5da71d26fdf44f5dc4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\26540
Filesize
12KB

MD5
2b4a9ab36d44df0df91c7338646d285c

SHA1
e4f00731db309e2c11744e370aac4526c68f2ed9

SHA256
3445ceb776c9d7b62ca7842e4357cd3112593b290682bb51e5ae538e1b469dd8

SHA512
834a1d13b7db3dd5767ecb702380cb9bf73030585decdb7737c4efffde9caf2e22f206cf2060f32b48c191507497c32563dd355a0934f29141b0926af795ae13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\26826
Filesize
14KB

MD5
70767a733198ecefef90d0fe347687eb

SHA1
8f92e3cb6aacaf92d5e507556728eb0c32ae6779

SHA256
b041af8e32e11ca07a46f481302df063db8f04dba2d155d8f43283e20b063ae7

SHA512
ca2ddedd14f3ed0786b7e5b3e546b501966fce8f97d77e2e3c3f9537ddd9a02e9d16be9d310a4549620afe1b4276ac1b221662ddb85c5bb51c45780a10ee3f8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\27847
Filesize
12KB

MD5
86b9cfc13f21be7b59a0b29e50358f85

SHA1
90de898acdc71e2cd2cb9c980a1ab27ac392af35

SHA256
e1f8db34f32a41ffc425a2930b2d9ae3f849569e70360421abf084e977271d8b

SHA512
817ee64eb57a9e3d7324ffb9aeb64b75c2922acc82b5adfedfe5634fd9a2e4585f5bbc16750589fac9ca2ea1edb2f22c4d835651aaa7605521bdc1e22d5340d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\2932
Filesize
39KB

MD5
4ff36618aaaa1380ae948ff9f370e572

SHA1
4d0db91e15dca6c414aba6612fb24d8b0e4053e3

SHA256
1e18f282d48b13dd6694c9f9139dcb38e989204d938a03e12d532d7cc78e113d

SHA512
46e7d182902f9ba269e9cae9cf95c4d264e070936de1a8c718bbbd5e9c88c8a1ea44bd4951581a66525f7423057ecc498e0ce1c9f8deb494028c6a7cfe7b3302

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\29791
Filesize
51KB

MD5
ab3eb47d5aad17f8638243c258f5cb92

SHA1
e1d36850120e75a1504abc2641940cf49492213d

SHA256
35e02cd589ba13eddf9965bd0b8939101cd85b7b2e0e8e0c9b262b77f5fdc285

SHA512
a2c00f61004c21ff612fa7b68223e4c64d9d08ad766457336198f734f1ef9ac1ac4b261d17f5960fbb66a1eeca178923edb64c2b13ce00b053268c06b1c18a44

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\3235
Filesize
14KB

MD5
18cdb20c7a3ac4a48191abbf2265c955

SHA1
dc165d4b6c88fc103f400fe8709f055a50241709

SHA256
9922e8c9acb8e939bf703ba6bfdac194ade4d07b37b45c7e92ab7d4525b75a31

SHA512
c3f33f92e82a1eb70b4901f4c824f9b9bbf618af9378d449137b118712c22556aefc3ef335346c80c19673b833e48b96397219a8950a42c986c519eb0ebabdbe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\doomed\6421
Filesize
56KB

MD5
f5fec8999120c81d25df672460978413

SHA1
2e795d6c1d814be6eafc0839f1e7138154e342ba

SHA256
bdde3557e56fb9d27bdc9dd62a5b4db358c11cf95c7feb7cf566516b6992cd53

SHA512
c47ac9d8c53d8e1366a7a99f37f4c8ee29f8f13459fd04ed4979201cfd815df2781822dc5cae97f84cef9dc9baa9dab3a85c960fc9b58852dea94e347c459c53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\05E2754797FA51C0D8F623EA38915D71E69B1921
Filesize
82KB

MD5
0128cae9edd6830998cfecfd0982bed4

SHA1
9aac9937739f1a815286f37c2bc680e20a7644b3

SHA256
c4db8873064716d1294ec8de2610abb56f0dc7a20375287e3c7c460995dcf123

SHA512
1040ac095f06845e528a1853a837712b24487960d60c2f459684dee7dbbc1c5a8d711c627a92d4cd02455402c057a9b23efe58167e6088d4ff135ab96974c6f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\175FC1F27DF5030D57F8D0FF3A5E0CD7039CB332
Filesize
35KB

MD5
dd25b28368be333ad32af3ef33ee32ca

SHA1
4ae5c8467f524ffb6886909d7c55fbcac0da2c40

SHA256
167f1840703f40d16fa13e0a813fcf469a970910284160add62a0d5657e2d88e

SHA512
5d86dd8d61ae37dbc49e2fb2a20d5acc934bad90a33ead0f271318fcc61d4802fab177ba3be73d5c760268eb260bf7f05d09a1090781e44fa50cbd08cba3616e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\1B8EC99648104CAB66FDD36087B20FB20668FE82
Filesize
32KB

MD5
1d84c59c0d105ba57fd587b99175fb02

SHA1
0a033b1a5d552c8d9bb6bcafd210216e0b702191

SHA256
58c1fe8f1f7cf968fa76e5f4387108fa3a1d805eb0bf3a8459f45d741c27762f

SHA512
f1b035457d2e06736c588622e2e16048148b11b8b4ffda62d441422761be8e0e68a58db1b394bc5eba8aa1177537e9c5c917c3da9083fa49fb175df717eef267

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\330E57AD0B8206512407062DA6041E18125D8074
Filesize
24KB

MD5
8e62eea4221c224757651833a85b707c

SHA1
f96d40755a1c69c53e03157717092e23427aeed7

SHA256
85550d0ee0b445d131c92f7a225839b80c3d46b768963470ed151e59d02fb640

SHA512
9b7a72833e918905c29ccc26b40aafc4ed07b9aae1980c8d91e5b48154e043c4e6869eca8116bf88445de2bec3e1230422ae4dcb1d619d2b99386a0ee86278bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\370692646C383B1CC22EDCBA9F8DB753461D620A
Filesize
41KB

MD5
22c10f07407cd8788a88be866514bd7d

SHA1
1e874b7ee307358824e389cc915169f0b7ad0d77

SHA256
03ea1dee05b4c120659e4eec43a0b150ac02bb9442ff25bea6d0036c86b5e7d1

SHA512
5b8655a716380daa3e804a26ecef909c1cce09411ce723d6ed7fdb8dba905655d6f55183bc7c3dfeeab2a2af85ad6627e7133cd5f4ea949da901f90c13351725

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\44836238049E96471D6554497813EF38374771D5
Filesize
333KB

MD5
0571968cef3be50a093d51b05784d9bb

SHA1
844a97fa0a9b5dc79d0333cbfa3a1627ab267c95

SHA256
c473903c8f6706d216ba55cf47d3d0b7f797e074c7f04dd1e092834122e3dd0f

SHA512
ab37f71745dc1b581fd9185655971941fb4fc075f4827435543ac7192b58066c9f676b80f7606400752734e69f33b377b5dd91a7ca50ea6688ae0672b9a63543

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\47375858E82A2DCAD31131A75BF7CA6150133B59
Filesize
58KB

MD5
9d2904dd09e4767524931905708d1aed

SHA1
4d77275dede11b9026de78d49c5db14b71c7d19f

SHA256
7f27a4cdbbd30edc5c8adbfaf66e69d2283038773d2595a02b73b0ebd9a2e8f9

SHA512
ed136dbc064d8d4cffe72c0a7e6b16e3c337d79231d778dc044b3eeda329b147e959cca717e690d8e9717663b440d34c3da97fa53eb145a2f703b090b40d1583

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\6A02DCD5F756DE8DF6A4CBB7CAA8037FC817B107
Filesize
65KB

MD5
bc02a892fe0f507312c45215d08ab4e8

SHA1
c1e1da809ccb351a99c6a100adf1d0743c3f84c8

SHA256
7d9e1b7a6bad1a3bbd2c75994631ad181613d705bd18044b368e943a73187576

SHA512
40183a3f81e9ab3596550fdc97e8b0e528ffa9eaf3ca3c17f685e3d52153f0f6ebd8c4478601da091cdcc1ab7da3261cb63865ba27ba4fc44b491e9ac3fa0904

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\6D298E98B21ABD32AF71E40D60A916427900348A
Filesize
60KB

MD5
29eacfa960a4f23cb6a1251f520c256c

SHA1
38a3ca7d3be1a2f77774aaad54fb074d23a3dd49

SHA256
2bc6f40923c22272b524f5021c9d872de45f5ef14388909020f0bd2d0f19803d

SHA512
6984d4e1530ab1477d7cf393dafc6a71be88f7e4f7ebbcfcea703021095d361acdfeb2cae7bc1e103a158953d29097d6ebaabe20ca94392d507c16ff176fd7d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\7672C49DACDA27C85B31956D670A430E3D5497E5
Filesize
949KB

MD5
61dac0af0eb5eeb054f0583cabd63503

SHA1
c0601970675cde6f0fe9a08cb2e8f54c822b2747

SHA256
f204f81b0d61b3bd2dc6dc5c4c6d67b117f82eea6586056995daf1fbe6f5ffaf

SHA512
961a2f3378d3beea541a1f1ccb37b66d64a813530eb4b223f41d457a008d2121b425901b69f9bd2faa61a931d42df205173700a88bf3d06b1967bbc6b1d5be25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\8835B189820E8AD0379E4A49B1968AEF8D7C1F60
Filesize
33KB

MD5
8d67753c63535842cce5b0b409f1cb31

SHA1
9c5a58657b883165b987e71b138bdd78f7fb682f

SHA256
65581b6ffb1a1a2254b9479b40a940e6d60867d631b48f03c1372e9d064fd199

SHA512
aad1a3eb11733906a8dd2315f4ee1b25ad5f528363b303d67385690982fd832e4b8634e725100101f5b58baa6e3223d21e9ec0e43aed0ce0829d1517f07189c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\96C3E502F86DD32B257160FD7E37883A44B7E522
Filesize
127KB

MD5
e0cb5a2a69eb3e5a8c00f20e307992c2

SHA1
3dabc5f85da007600d82f035e1b94102365c191c

SHA256
ce797c4daa0f8e1c9ffee8693ca3374109ff5c53de75c6083fd58a9fa77ee9ba

SHA512
90e1c82e490875d0f36a08ab432e73d181f728f909bdf0e94f8b3ef243c3457e38e1f0f7ea504cbdeb192aeaf87fb538af1f0496b931972ee2237c3a07fa7b83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\9B85EC67973732269C5D1A6EEA2C58CAB8237701
Filesize
39KB

MD5
89d6d0b6031883fa9e1d2c24da8b5ca4

SHA1
dbeb7fc825fd96c35a7b0c86150a2fee2201eddb

SHA256
b581874f19474bd88082e2610e90d92d98f0f6218a2e803cde731d1db46f7a84

SHA512
db74abff84cab97290087103e3e0136edfae68ca776e8a3ecfb01904a201975098fd2f021554e61c784a7a0ea7ad2535236998510ea79fd695c2e6e9eec42737

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\A0D91930D3248D88263AC1A5FE6FAC60DE487747
Filesize
33KB

MD5
30c8eacf1d3e10a8da0cae43ef108453

SHA1
397dc6c78d0a241c64a499a99894c70ca0614c24

SHA256
ab27cf90a7e6ff639698c06f0e54e5835e594f01b14e735ae2cd6a2f1c945d9f

SHA512
065fa9a2fea845f50c5f00a206f5c1c5a2df80a3f726cc83e4a1f684d22ba0567a5a10836aafee781e110390c22514e61682bb2ad9d8117ee2f9d5111d44af85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\D35C09500437DD22D7C72D16F29F6C78D8E3C45D
Filesize
40KB

MD5
da02ae6dce56657c1962887c0566bc03

SHA1
21f3cc994986e1ca3cb451f9dd4be443840ad786

SHA256
5330942636e87a1ae1cb128f3afa239318e0b08ca35a29f3c1dd9397974dc7e1

SHA512
78db20d8fcffa98471dee17ac0028d6302e3e1c391fe9ebe734d93fb7ccbcadca2879cb561fee4872af44c9a229d57baa7ec42d18f809d8d74f60c3c64719f16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\D964636302D374DC68C4DCA2362B6B75D9DB1ADD
Filesize
46KB

MD5
f947d9288f892c6938196341400b649c

SHA1
d0acda52d4216f244913315428748cb6e46d8251

SHA256
e84c804be7fb27decf55435ad3d5c2a001cffa8a8d5781d095e1746e570cf0fa

SHA512
ade73ba7934c58b61a275eea592286e66b5c34f6abcd519fd20acf57eb5b284e85953c9366d6972868143187fde4776e649eb529dba3b59d3d8c3fa09ddfe0da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\EB0AFAC9F00037F566875BA403ACDBBCE74EA4BB
Filesize
214KB

MD5
5ce0ef57ebdc0a21f889e48a808d0d0d

SHA1
acff21aa72f689fd0ab313799aaa68ff99fbad9d

SHA256
1ca9b69c3cc90f04062c615913842435743ad01c1a3067a125c548204c59cabc

SHA512
633f94d42f7985fa6eb1b73687914c21f710770b434645b64a46af9f3c705a6220cd1dff2362da96e58fda063ed4996c2b1933cd6532d073ea30247e9e89f807

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
Filesize
13KB

MD5
316dfb919298c4b721e0becbfa342b7d

SHA1
7550fe00ea315c51862ddc8a6ccb668ec76330e3

SHA256
652b29ea87d4597af3f00de81b21a8a354e181eae4e22b1eb7e870a6ab5a1a39

SHA512
1a78fced79e9d0601a0f429622a674a251cf566723ad8264e6b3285aa4a72a7a7654a671a8a6280d3b459b0a593d9b17dfdb3a9187591b5066f4b98beac54f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cache2\entries\F63C822E7AAFC0ED25190A22B0F0D8103B08D6BD
Filesize
38KB

MD5
9c4a55bd399b4f632dcb834714b25b65

SHA1
f1d7e73da836350ef05948d5ad1b418f32689a7f

SHA256
62f4983277047135843d7449c95e83ea717ed01a194d51d4d884799e7da9ce00

SHA512
383e11b178483aba61a33e94ebb510e3eddfd2a02e5f4c390fb9f3b0e76ff053e4594b9a2e57dfdd7951831cd2977bfadd05696b368b525b2d0dc1d41d3f281b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\jumpListCache\iHmgKWRpU7EsfWDx_nLg1w==.ico
Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
19KB

MD5
3f0c240061e556ea3ad82aec16c76a54

SHA1
e46d948db085779bb4a888df37adbd4f68884ec7

SHA256
c1d63eb0b2ae391aea68f5f9be9dea65c462a5ca08f247f70792b8f561b64a35

SHA512
2cf00d97e177aa36d9d4de609725c06ae1b931f7af08174dd32be715d03321bca128d619d3e79bafa47abe2f39ef037cfb09f073bd366aeda694fd407ebcc445

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
20KB

MD5
3988e9a10ff85a402e1936cab3a0db25

SHA1
9c46bbb77f803505c82c8090a308ba64d60dffcc

SHA256
3127ce705528ab7dd0d8bad74ef14a398144a56cb56085a437147a4d53c48c24

SHA512
81060949d722671a10d97e129386085a9961121d982407e86482d1bc77bd39a9496d95c3051cfb8af017a4dc2ba8e4558cd58cfa9e827b218843533e2c24243a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\AlternateServices.txt
Filesize
2KB

MD5
519784b9917f2df16bb7ab1859e35b01

SHA1
f6612ebb13a90e80df9123349c787cd2a1f13392

SHA256
9fe58a7dd4ea92a6225fa7223f9163a185d29d313157698efaf10b80da2b02d4

SHA512
49b00c200274dd55b87f236b1863e52beabb1a3ad1ab95d7690b9c13e902252c797d4eca5f40082df70aea53639ce1fa612aac2799fb1005f4bb98f7694960a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\cert9.db
Filesize
224KB

MD5
0fd0b97242cf64112ec802c7c8d01a68

SHA1
477446f30910cb8fb40cdae88aac07a579161166

SHA256
49c6bd04015bc5f68597a30fd066b645813b71a270812c8a1b6555e3ea479f22

SHA512
f0b1446722c1226caaa28c804831dbfac333b346bca4edbb50856f38a134ab143f62745e43a85c8714351496dd63c6bc1ef6ade91128de02e88017da1a18d731

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js
Filesize
6KB

MD5
70b42257ec92b31574c9dc5b51f3a03f

SHA1
7f19a647f70ccba03459b37f880cbee3a645acce

SHA256
cee18f9c462cefa52c29e5bf89e24182227f8267283070098b4d6612094047ae

SHA512
e42eb9d92305557773643567e47f89852791365f6f1a92de48b4f87596c70d2a184ff2ee25ebd5b00b0f4cb08b7c2b2cc0c636e003180596468ed64d21d2af21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
Filesize
6KB

MD5
1dcf5ccc74053d16fb0b6a40be0516c6

SHA1
5d8fbfb9f986dadbe625a5bcf2b882c81598892c

SHA256
1e38bff9b342228555321c927b7994848f2e58a7c0cf03718a88116e024ce660

SHA512
fd89962af9298087099befbdb8af9a0658ed751a30ce235336d992bba06cc704d4bdbc356075921adeb719e3ad4d46b2babb94e69adbb37a095142ff4b24117d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
Filesize
7KB

MD5
9dc2f3a4aac0445ee17c81c9e6c79b04

SHA1
b31b49db4a1f923e9125be17f1d04defbc80d954

SHA256
a7b056e001ba0733932780ff07d1f1873baf5a5422fcb6d407529abe3d0ce988

SHA512
e84d27903d7697d608ca0c32234f9b9375ef9491ae9f43223d62c3f8de1a8eced95c73d23f83ace34cdcb7c14d0b7137de3c2a078e97cf704a6643adbdc3a8d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
Filesize
7KB

MD5
b388ca8cfd3db8698e4bce875242ec4d

SHA1
4f31cfe703eddad7a5d46a4c36b9c7c0f9d45db1

SHA256
19559355159d1d00a4b4dec7db1e271aee74a47dc263bb99dd83e1e4038487c3

SHA512
8cbe805fb1cd95f987d8d1bae063fdab7ee19a27b7b26a2627f9cc7e314500752c16c27cbe6b127d0b7f4417c30fac129f877818d42e299e92642829d35f56f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js
Filesize
9KB

MD5
97b69bb49063671f963b62efec28daab

SHA1
c8a5c950f266ed1f38c6993934eb93552014bb4b

SHA256
4f40a00b8a6bfe6d24897e01e0fb3dad9109ddbe07d709869821c8cdfbeb0e58

SHA512
5b1c86d9712f57509ba2f1690834b3f6bdf1ac54e673485d1eb255a67fd0270c568220a572314c4d51a76dbbbafa2db093e958b9f58dca5ef400f5003ccb640e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
e6a86485e32903771cb8e0cb6cf921df

SHA1
46c693645ad35fd2de2e166812363c954546d5e3

SHA256
b190f57a6d7ed9c61f2118c44d24ef0880c79a04fb89345afff9a7fd56af9370

SHA512
db3b91ae78c8fa51cde5c8c9da9fefe4cc211a3e5e806208db44da650d0c3166c532c9be12a8a7b90c9102737e2b0dd7d401b8d157d3543a1d37ce95edb731b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
9fa58256b5d4b6bc37485301241724e7

SHA1
acb2661ea9d9907e1e3f12709f13ded9108d1c1e

SHA256
ac8e977753712a0bdd928a1c140e63aeaa99c1ef03e4cdb512636716fdea4ffc

SHA512
f91389799aa6681c6a09f10444b01b7fa9386dcf2615b92457c42f75893c56e250c92b7aeee9a8fc9f9aa2bdda5e12fad4ad97cb420186c8b84c63f990fc1512

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
9f230e504ccab48bae3448e458b75fb2

SHA1
c53fb30fe99406e8cff194895e1edf6cb5ffe7a2

SHA256
0e14cabd007f2ac65ddd1d002367e4aa403d6475ca501e2c7632585fed496054

SHA512
96fc62e804e9df735194784ed94e5c9357ee3669391c6a9e03d9c999b0f056d77003921d89b4e75e3254573ed98a786329a2491327e20ea65ea6a2d4adfa71ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
a4ffa69dcde820cbac4116944a60501f

SHA1
c81a7d5e6f9be0a4c0713689b5afa2e675db6859

SHA256
f2e4306376e84ac23aa188eccdf5dc429d81964ff6587b7294eb500244370c16

SHA512
30d961b98380d02498b7c9d41a346c1a54f2b7a9aeee2e67a8e96a4bda52092556420be1ae21bab41340532179d7ea56ed1b3c0679d355c8b41102cc314b4df8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
f7634e86c50a6c6f96867d420ef51207

SHA1
892b997ae8fe49ad70d55ca99493df77df81e4ce

SHA256
43eb3bd782c0996653cf6d256498268ab501b9a562f37b5081219f886bf71b7a

SHA512
1a6256840de618c62f2240547b712aa4467b5af53436acb4aef91371ca8758b15275a8670ebe3c8193ce26052be59e93f5b22f5c7b3d16b48cf906734557dcdf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
6a4f52a8281b0354f3061c1f2be485b0

SHA1
67bf23df63f5e7841da4a5c586c5b0fbb4908846

SHA256
2dff28822e8898f2636678249fb7bc7165d895a62235bc8f74478f926e40c5ec

SHA512
3d18b7cf344fc1170dade4cb5b0ab5b16d25bd4325e05837a559262aba0bef5c1378192a1aa5f9ae8224d265747d563385ed1579d3556f6fa864aa6021e76cf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
ae7df411b908c8f183e2ef5feaf20ca2

SHA1
f5b0a5f61bcb88f12c17a3b3cb0b47cfb4a224ba

SHA256
5833fac66483da9a78f5b7b9f49e6e449d9ac4c92aea2f33e22e35b57ca94ef8

SHA512
1fbb6cf5b8c32e75b1bac1901bc3cf4188128c64c21df058e986fe855b3fd66ffc03ea2e7b46877a1eb5174b57fde85a9957f4366039c4b709eef27fd8ecca9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
4b8ff5ccf7dc089199b202c0139b923b

SHA1
89915534f33b0f99a7dc252ea0303bcf7b79f678

SHA256
1d1be5743b0cf5bc26e856c041b79e7c5523bc9625c9fcf5a6c7d7b14ffb37d3

SHA512
e3723d4ce85f656e6f892b546a0aa0d469d5de9c13977e886f8bb62dc4ea42efe08165f866553b1388c7329f2ee43f5d937c31f2cfb5d00afced273c2d37192f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
43f67bdf80f58487b44ff3065ba51729

SHA1
3ef3f8a1bbeb6f6dfb29635eb830eae9a7fd46f9

SHA256
faf6406eec428895f22c4d95a94be5a69b001c6b13c378d734fec9db8ef5e4b6

SHA512
756f871d5be86c04a8dbb49e133c9ae602a1582ab87d14607852cfb8862c49ffab89afcfb72af879f727bbf581b2430ac07770110cbabc82c6a4ea72a706a290

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
54c3c47e7561f2a1083b7fb4f147afaf

SHA1
1cb78c5315cf5fece97fa90e6f924100b9add85d

SHA256
d7a4a40c6a30f8262b6b86ffd5540e5d4c053cd81564e7e985982910326f93e6

SHA512
bd5653f65b6ffdb9ebf1ceae513b693c7309cccbe5e876e14a715fdbfba94473c024e0b95c7c65a95410056c2c674fa42dd1de4e165b295661dcb54b73473119

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
6b1111e88068c7ccff3965ec59291826

SHA1
0aab16d4f192c19fb3f76e22fa9711c4b2368d6a

SHA256
6cba9a3d0e5983008b7bc4b184a1e4cd51b7554d3cc539b520b83d182b8199d1

SHA512
831614cff8362bd8bd75f0fbd0f29b5e409c2659d03d1e8ea9b84347aaf4bb5856b88ca4a51a5a3c64d0bc23db2af2ccf3a11af8d986639bf15103ec757aaa3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
9433d7511a231693f37d0a4400cab5b7

SHA1
0946463ddd9c322b097a53bd854cbe0a09e8bcd9

SHA256
425a6dfab8457fc18b79a94800fa959bf26c1e2368b257ee04bcdc848f3f28dc

SHA512
d195b363ffe61f1a30100b941ea6b0b140928c1fa313d0816c932248c0ef144ed68f517731704434aa16bf5597dc58fc2291d3788264e9a2ecadb6a8f58f6f87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
f00af9e110d11792701bc11472e60b0a

SHA1
8acf69e2817f54d24355afbb54eaa0fd3bade654

SHA256
3ee70a36f009e49b07afd447580211d37c08863c86985bda0dfe82462e03e20d

SHA512
04ada7b2dadd5fbf71dbe02fe2985bf1eec1923fd061a8767ee3905804cb8081950f65e20c60a9d09ac6888b3ed27d7030fb1c7ef7d62dff7c83ded9fce1e861

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
ecd29bbff748b5a45906541e464ec293

SHA1
0127d8108c8c23302b57256115d489927db517a4

SHA256
0682ad1af88c7c0c849307e239f82309b5efad1edd03016b9a19e66529658b26

SHA512
e9ed9eb90fc57c29cd62387f4fbb0328cbd048231a9c2f40a5b0e544d94a091fd4706ce49d5d0b5b6a310db40b503e52e1863f7d310a698156444c1a196d24cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
08b0d15f03043297ac795871b3ce58ec

SHA1
d700c190fa504cf161621f9853d50f4c6d44e8df

SHA256
72da66fed0f662b0a371f81856a495251cc695c8fe0a04db35990bf8a225e8b5

SHA512
b94936da7c1af8411a29082f98a04f6ded8e11a7e63756e9d11f46782245ea98175a384a70bab99e1150bf5d87c3e4ac083030f87de384cc3bb0580ca3da101d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
3433e06a63dc1b59efcdc11506d4aa17

SHA1
b9535a2df8b3bb7c63f9b2a06c9ceb458d605c4c

SHA256
13823dab0fd4b4f6d001483eabf9a6032e9edf0a46531ec6347eb1f15a141aa8

SHA512
84d9ae7377a1e11338c8fc39afbba7e7f59599d89e1ca450c8ee7d58284454a37f9e20234164b8b233233db327e69fce8ddd184eacc2d1c75fe2d406230888ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
62ed22c8d9fc83a473b378e244e39254

SHA1
abe03f16dfc01e1d6f4dca3b3ea01b8c2c894ee9

SHA256
3771868bdcdd6dcad1b39350248f97f8e272595c5881d255e195f70d85b06d25

SHA512
59a53a1c065cc25da4987d2f681489b549cc93c14999f81650173b2e150fd4b73eb3478194eda57df6c2296f7996f63497dfefe535c80ab7fa1e1a4d67680ddf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
7dff34887d5b78d2a6d18d4b2580be31

SHA1
218114e55ec577568cbaf8e02961be93612db932

SHA256
7c3db06de74fdcaf318e8d773e5900f8e945d38f0f25e718ea255bfe642d6581

SHA512
a1e346e64c906221d1757dfa12275915ae734a4dd86f53d54f708fb4aa75c2c72a9fcb386f042c1b15546ae30f45adae4dc497c60d585cd696bbd668bd9623a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
46f2618e0a37904a6dca97000ce6bead

SHA1
acf72e4d9d5c076bca690789452e08d9ea42aa1e

SHA256
f85af789fe002ff03402e5c738b2c7d7aa3b0b690486649be215bf7de59f346b

SHA512
612ca4fddb135b8e3b5d7a71d022617b24f022e2107052d4ba4251d24c7cf37b955f1b2f1c36e9ce741d4b34848acf173b4e4393adf8f8e961f7bb06d78ed95a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
ab9492d2ae0e9ab56c4bfe475e445c5d

SHA1
3c440ae511443a0c4ca558520bd54505949bc72e

SHA256
012d39d98cde956b11827532692d7e182f936c5f1d51d0150805e062b0fdf207

SHA512
fd0c4a60512ea04878f62dfd4b8255fca0240ab72d748c14694ddb8f536329507325dec9e2db87d8226818ff4cef714df0ff755b4cc900fe864a170408560f07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
a736f2cd3aa4e3879801cda0ac2fa9af

SHA1
5bce06f2910c0eac30953bbd21f5739c6f3b2b4b

SHA256
8fd38fa972ad2e7e447bd100d8dc2696be8a463f93c07d8d163eb3bd73c0ee79

SHA512
2f8976f7f54da06173092cebdd1e30e7e49fcfe02de92861aa22e0fa6aacc5cca431432ff919aa32961937461ea504b855f6e76eeda3b13a3ed66d653854fa13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
a6bec3bfb32fa5c163f1081d5aaef2f4

SHA1
22e12173fa0ed9e1a84acfb05bc3b15de451dbfb

SHA256
bf549c81e2ec0bb1e67acad3df38c4971b377e2b41bee1de9a5265dc175ce012

SHA512
bf355e7d5296e6cc33a1edbaef97f67c854e0b1e949abf49a207141cc5508f782bbd7dfbe844fb48c653abdcd6f8100987394fbc65fe6fabc74882ed4b53c582

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
10KB

MD5
0b959fe2076bc9bfe2c265b61e17eb75

SHA1
aab8ec9ee3a83f89a19e7975eac7b70de4b7c9db

SHA256
f84764c0ba0da51c600139172a3e3741a2cbf7f1ec6686182584431c4075bf22

SHA512
60719c72a73cb45a2478106ae39b2e28739e9dd467ef2f64e17444288259449b9f16dd598436ad272ab1f4349a856e1344fa2653781ef161e7625490cb9cb868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\default\https+++www.virustotal.com\cache\morgue\189\{0f324c99-520a-4c5c-ade6-5fb054d05fbd}.final
Filesize
47KB

MD5
54c3178d5f34066c836808cde13554e4

SHA1
736a5721e01b5731cc8f97973b29ba53fc02aec9

SHA256
93f00a9bbacc3e757a9b2d8e6bbf46649f5aa68b489eef1987222069d9fd6949

SHA512
27486cf2c9ae87fb3e0fc2e91a07d8edba407b8c338e6ec5617008f1faa9fbb852c54457c2a5bbe309d2db0d0a3412e65b6e13f23e1fb651872b170f8d7ea02b

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
Filesize
18.1MB

MD5
707fdb44e60def7bf6883dce668da1f0

SHA1
2775ed3164350606e57b36d5f3e965b633296c19

SHA256
7bcd6157832630f06b8621c3d67a62535fe054b8aa6516d3160db19d912df416

SHA512
86102854ab9966fe995153b8cd3f75d93df53cb18a4fb5f127fb608d06a8c3739161da788d9417e505fa7e4525a0c8335d1e20de89a9c2b29a91f76784fe0e70

Download Submit
C:\Users\Admin\Downloads\KsYmvD0D.zip.part
Filesize
25KB

MD5
1aea5ad85df3b14e216cc0200c708673

SHA1
e3ee16e93ba7c3d7286dc9ebbaf940f0bcb6cad3

SHA256
8dfa496c93680adc10e77c0946c7927d3e58d79900013c95dfca3411d766bd16

SHA512
06faa190350e4558c6d4f1f201dc0698587495897593aaeac16f3ea3d8c1c7f81d65beea6bc7e730ca1df9bdfdf3cd2bcc84bf50f64787e0b1dbd21492796f36

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\Ana.zip
Filesize
1.8MB

MD5
cb6e4f6660706c29035189f8aacfe3f8

SHA1
7dd1e37a50d4bd7488a3966b8c7c2b99bba2c037

SHA256
3341abf6dbefb8aec171f3766a4a23f323ff207e1b031946ee4dbe6dbb2d45a4

SHA512
66c3351ce069a85c9a1b648d64883176983acd34c0d5ca78b5138b7edc2890b34408e8e6fa235258d98c105113d1978a68a15262d6523a82abb004f78b06de38

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\NoEscape.zip
Filesize
616KB

MD5
ef4fdf65fc90bfda8d1d2ae6d20aff60

SHA1
9431227836440c78f12bfb2cb3247d59f4d4640b

SHA256
47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8

SHA512
6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\enderware\Deskbottom.zip
Filesize
236KB

MD5
0575625e5ced1be9f4018c5afa456406

SHA1
70f86daa07564d318c2825e08e2f70e8bcbd7967

SHA256
37e612d9c4d2fdc46c132a1ebac107c720e45135f5c79956140f8d38a951332f

SHA512
992f17fe1348d9f4d5f3870302a268998194e8d59c1087b3474568434e8dd90aeefe57aff7d0caa91fcfe7239cf9e9f38094b3767ae9d9bb592c41942282088f

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\enderware\Evascape.zip
Filesize
352KB

MD5
dc6e7760131e079e65bf8f2077813133

SHA1
9ac5dfb227ce624e82956de1c245616972794548

SHA256
3d84d2a869371e2196840f8382bf23691857303c82d7b5c1cace8a2c4e1d960e

SHA512
15c76977fa3532f0ec54751fb9377639daeab5ba430f5f3f098615ab868af45fa7a59a8f76c4583230fee0bf231ff75df68022b835be3deb1dc773d80929a8cb

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\enderware\Koteyka2.zip
Filesize
721KB

MD5
0b6957df7b5112415195636db7c6b69f

SHA1
1d539b1533b5e5f56723a1e3f256325f095e3ab3

SHA256
b5d89cd72f3ded5ee31a61775738c3881eb8984f37a265056055755847817785

SHA512
aa6378c8a76df76a8a0bfa90fc5bc7b3d00762af720f85016119b11cca9882c4c9e7eb2e9af2210fc8129c18e16b34ba65b8e0718b17d928dbcbec698ad6434e

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\enderware\ProgramOverflow.zip
Filesize
560KB

MD5
44481efd4f9a861444aa0aa05421a52e

SHA1
22e9b061f8fc3147dd0ec8a088a38272b0d30bcf

SHA256
7b8632db07cb8693963402624e6ad884187b23f81ec7968fba2631909d5919b2

SHA512
819cf783345751f6fb000142b59ebac5b72c8878adfaec1c9472bf242d7a469cdf21a2d89c6e292599606f19782c1951752f763bd89efed35e1b0f2d2fd52827

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\enderware\UserOverflow.zip
Filesize
564KB

MD5
e63eb8701abeafc17e18807f996a2c4b

SHA1
e11387f6c188416f43e1a72f4ffdd759f4e43e54

SHA256
7eafd43c18f9613d762567cb5e00d58df71208d6b94c23d634daec42170e0d6c

SHA512
d996ea9566a588bb30fbaeb38435026804b80770a22a1438589e86e47f13ef07187538a105613bfc907bf9a6a377805f69d9e9de071e7ae57aeb11d4ac98a136

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\fakescanners\Activation Security Warning.zip
Filesize
437KB

MD5
22c615e3ede5c9ce4b0e6b157d3cb5a8

SHA1
4ade6563786d60e20d7d9e004cbb669db2f61f96

SHA256
36652fe4c6d926fe6398d49a448b138fc4eca926341bc7feece230dcd540dca5

SHA512
0dfcf308be70663966625a23c5acd8763a0e2644da7d5965aef168764a44c4200d5116af8f27dee0b8da12783f50d3ece95ec29b53e690673d0a1b859e2b8328

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\fakescanners\AdAvenger.zip
Filesize
5.4MB

MD5
dd0cd5436709146f9ded29cdab6f9847

SHA1
3edf49f80bb9c4a46ca9379e25c8366d94be7d0d

SHA256
d0607369ec47f863c1b6bf52527c54a5bbabb97736c22f46eb01c45864a68fdf

SHA512
253766a39558d4fe1c61274dbbc6e04631aecf2f1247bd9d3dce75b970e2628d0b0530dbb321ce8475a0e30e2aa2b970aa821a7f38920fc19d55c4765a129cbb

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\fakescanners\Apple Alert.zip
Filesize
216KB

MD5
0c06e4411f6c6f472789f5ab64a439d7

SHA1
7b29eb40616a8731b0eb6e045957f12443086a07

SHA256
f8b40acfa83436933d9991c0a0e8647665ac99d0678584f539bc3f715262410a

SHA512
d4034aead48fbb37c0d5b219db2f97c19975fa6ac30340c1cf034bc4acd84fb53759b6b35422efc3c12a1b41a3c4a89a022b4da3919c45a3fce644fef62482f6

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\fakescanners\Apple System Security-1.zip
Filesize
256KB

MD5
cc6495fe7f6868297e683e5271116602

SHA1
3132994353e420d37b588dd77b509d3bf26b4768

SHA256
4240a39fcfaf2709837562e940c4b2340fd272c0435a9f84f37ff72fac59852d

SHA512
724b69f141bbc0816cba5fa421b49ae98d85c8971e0d1da9db5fa4c69270136f7dd2d6b562509f7c4537bbe9c8f2b14ec4361806e7b3087fcaa9d49f43f50c00

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\fakescanners\Apple System Security.zip
Filesize
784KB

MD5
5cfa93722a1867c120b2cb030ea446dd

SHA1
fe32cce6de6b1ada3d07cf2241170cf58512dea5

SHA256
01d74dc1c1766e4c2d7dcb12f8174ed00c3d07acface8d582d498e6581bff412

SHA512
7324482f0960e83beeab509ba7343bc7132f6aaed25007f2a72b544b8a4c63cfabbe12bddeef409a7f6ecfff13f9ba04c2cb349e9fb979ec378c7df11cbe5bdf

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r.zip
Filesize
3.3MB

MD5
e58fdd8b0ce47bcb8ffd89f4499d186d

SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03

SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\210121716022148.bat
Filesize
418B

MD5
f2c770874d6150dc5f8e4715167b0b29

SHA1
8eaa322da389ee5adbf86db942f4a99173d1c586

SHA256
d4ef8137d72390c3e00953dcdbe582cae79f9f77ddff4aedb5db65b49371d0e3

SHA512
24bf52504473728fd130d21842e82dfbbf64013384220163d9ce38c6451496f2c9a65e3463057d5c85cc7f99d266fc5fa129bce55cbdf6b1f84c3089b2ac888d

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\@[email protected]
Filesize
945B

MD5
a95829ac6ff38512458a101ad682cfe9

SHA1
cd8ef7362c170a592a0fd98171a5c5d127ef2062

SHA256
752b16108b6f2b16dceef00f47632a3747f4e74f5099229387fa4618c30020e0

SHA512
7251f56f2c1cacf83f1ab1494fa3f3bef3da8b5596dc22274f052c3c44fbff63d0d10beba532e9d0d4e7a133f3e8248e074eb3d6336c2cbe5d215f8450607a06

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\[email protected]
Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\TaskData\Tor\tor.exe
Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\b.wnry
Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\c.wnry
Filesize
780B

MD5
93f33b83f1f263e2419006d6026e7bc1

SHA1
1a4b36c56430a56af2e0ecabd754bf00067ce488

SHA256
ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

SHA512
45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\m.vbs
Filesize
297B

MD5
039bcc5a3d95aa8598d901f69a58dc1a

SHA1
812e6de5bbefcde620e02cb48b18894e72f69ffd

SHA256
5c8ae152744ce852c9c4e26c9ea9ce52c621b917d54912a15cadb96f46d62df1

SHA512
46408e8adcd5a3b6b36b927f4b697ff8c31f9e8f1ae669470106bc4b388ab9839aebaf828fc8ba92b238395af318251f57c98dc3131add19f1382f5b2a562124

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_bulgarian.wnry
Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_chinese (simplified).wnry
Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_chinese (traditional).wnry
Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_croatian.wnry
Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_czech.wnry
Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_danish.wnry
Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_dutch.wnry
Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_english.wnry
Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_filipino.wnry
Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_finnish.wnry
Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_french.wnry
Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_german.wnry
Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_greek.wnry
Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_indonesian.wnry
Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_italian.wnry
Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_japanese.wnry
Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_korean.wnry
Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_latvian.wnry
Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_norwegian.wnry
Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_polish.wnry
Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_portuguese.wnry
Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_romanian.wnry
Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_russian.wnry
Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_slovak.wnry
Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_spanish.wnry
Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_swedish.wnry
Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_turkish.wnry
Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\msg\m_vietnamese.wnry
Filesize
91KB

MD5
8419be28a0dcec3f55823620922b00fa

SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92

SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\r.wnry
Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\s.wnry
Filesize
2.9MB

MD5
ad4c9de7c8c40813f200ba1c2fa33083

SHA1
d1af27518d455d432b62d73c6a1497d032f6120e

SHA256
e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

SHA512
115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\t.wnry
Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskdl.exe
Filesize
20KB

MD5
4fef5e34143e646dbf9907c4374276f5

SHA1
47a9ad4125b6bd7c55e4e7da251e23f089407b8f

SHA256
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

SHA512
4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\taskse.exe
Filesize
20KB

MD5
8495400f199ac77853c53b5a3f278f3e

SHA1
be5d6279874da315e3080b06083757aad9b32c23

SHA256
2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

SHA512
0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\ransomwares\WannaCrypt0r\u.wnry
Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
\??\pipe\LOCAL\crashpad_6172_YEQWNWOSQWUSDWOX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6844-3065-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3063-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3044-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3043-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3042-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3064-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3069-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3068-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3067-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/6844-3066-0x000001C6F32C0000-0x000001C6F32C1000-memory.dmp

Filesize
4KB

Download
memory/7048-1588-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/7156-3575-0x0000000000160000-0x000000000045E000-memory.dmp

Filesize
3.0MB

Download
memory/7156-3535-0x0000000073C90000-0x0000000073D12000-memory.dmp

Filesize
520KB

Download
memory/7156-3644-0x0000000000160000-0x000000000045E000-memory.dmp

Filesize
3.0MB

Download
memory/7156-3537-0x0000000073BB0000-0x0000000073C32000-memory.dmp

Filesize
520KB

Download
memory/7156-3662-0x0000000000160000-0x000000000045E000-memory.dmp

Filesize
3.0MB

Download
memory/7156-3539-0x0000000000160000-0x000000000045E000-memory.dmp

Filesize
3.0MB

Download
memory/7156-3538-0x0000000073C40000-0x0000000073C62000-memory.dmp

Filesize
136KB

Download
memory/7156-3536-0x0000000073910000-0x0000000073B2C000-memory.dmp

Filesize
2.1MB

Download
memory/7156-3608-0x0000000000160000-0x000000000045E000-memory.dmp

Filesize
3.0MB

Download
memory/7156-3613-0x0000000073910000-0x0000000073B2C000-memory.dmp

Filesize
2.1MB

Download
memory/7156-3582-0x0000000000160000-0x000000000045E000-memory.dmp

Filesize
3.0MB

Download
memory/7156-3572-0x0000000073BB0000-0x0000000073C32000-memory.dmp

Filesize
520KB

Download
memory/7156-3567-0x0000000073C70000-0x0000000073C8C000-memory.dmp

Filesize
112KB

Download
memory/7156-3568-0x0000000073C90000-0x0000000073D12000-memory.dmp

Filesize
520KB

Download
memory/7156-3569-0x0000000073C40000-0x0000000073C62000-memory.dmp

Filesize
136KB

Download
memory/7156-3570-0x0000000073B30000-0x0000000073BA7000-memory.dmp

Filesize
476KB

Download
memory/7156-3566-0x0000000000160000-0x000000000045E000-memory.dmp

Filesize
3.0MB

Download
memory/7156-3571-0x0000000073910000-0x0000000073B2C000-memory.dmp

Filesize
2.1MB

Download