wannacry | 8ff60deb10197c560baa30ec28d4542623c283b1af4a967a5e4594e604c89492

Analysis

max time kernel
1050s
max time network
1036s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22Soul_Top_1_Yurrghurter.pdf
Size

280KB
MD5

efca9cfbb35696516d8fc48c0774158f
SHA1

4c42a8d4f669982cada85e273820c9b1e500217a
SHA256

8ff60deb10197c560baa30ec28d4542623c283b1af4a967a5e4594e604c89492
SHA512

7e78c415e9ce2b209960cd03825480f206d0c3a3901cf89dc573e706686022465ac4ff340d10e90d87639dc01261b51c71ac07da3578786f480f84e9845d1af0
SSDEEP

6144:FUxybPwOY+w6vcmYLXBraFnQ9M1mhRohiyIQqFFHJe1we7IEIJ1vp:F0HOrDvcmYLlaFnTFTmZJmwFJ1vp

Score

10^/10

wannacry discovery persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD9A4F.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD9A56.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 64 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]@[email protected]taskdl.exe@[email protected]taskse.exetaskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe

pid	process
4716	taskdl.exe
1944	@[email protected]
6416	@[email protected]
5492	@[email protected]
6948	taskdl.exe
6844	@[email protected]
5984	taskse.exe
208	taskdl.exe
4828	taskse.exe
6688	@[email protected]
7124	taskse.exe
7072	@[email protected]
6748	taskdl.exe
6160	taskse.exe
7060	@[email protected]
3428	taskdl.exe
1464	taskse.exe
6552	@[email protected]
6296	taskdl.exe
2740	taskse.exe
4776	@[email protected]
3356	taskdl.exe
5976	taskse.exe
2204	@[email protected]
5192	taskdl.exe
6652	taskse.exe
6668	@[email protected]
5492	taskdl.exe
5356	taskse.exe
4432	@[email protected]
5380	taskdl.exe
5600	taskse.exe
4176	@[email protected]
6760	taskdl.exe
6620	taskse.exe
6068	@[email protected]
5104	taskdl.exe
6032	taskse.exe
6448	@[email protected]
3676	taskdl.exe
6788	taskse.exe
6812	@[email protected]
4212	taskdl.exe
6508	taskse.exe
6536	@[email protected]
1968	taskdl.exe
5348	taskse.exe
6340	@[email protected]
3164	taskdl.exe
7052	taskse.exe
4196	@[email protected]
7048	taskdl.exe
6780	taskse.exe
7160	@[email protected]
6216	taskdl.exe
7120	taskse.exe
7132	@[email protected]
6560	taskdl.exe
6828	taskse.exe
6704	@[email protected]
6400	taskdl.exe
4088	taskse.exe
4304	@[email protected]
6548	taskdl.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

6448 icacls.exe

pid	process
6448	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bbnbuexzwbcz676 = "\"C:\\Users\\Admin\\Downloads\\RANSOMWARE-WANNACRY-2.0-master\\RANSOMWARE-WANNACRY-2.0-master\\Ransomware.WannaCry\\tasksche.exe\""	reg.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617433867687405"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{04A179BC-094A-4242-BA9E-1AECBB3CD907}	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2404 reg.exe

pid	process
2404	reg.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

AcroRd32.exechrome.exechrome.exe

pid	process
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
6764	chrome.exe
6764	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

@[email protected]

pid process

1944 @[email protected]

pid	process
1944	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

Processes:

chrome.exe

pid	process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

AcroRd32.exechrome.exe

pid	process
3972	AcroRd32.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	process
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
3972	AcroRd32.exe
1944	@[email protected]
1944	@[email protected]
6416	@[email protected]
5492	@[email protected]
6844	@[email protected]
6688	@[email protected]
7072	@[email protected]
7060	@[email protected]
6552	@[email protected]
4776	@[email protected]
2204	@[email protected]
6668	@[email protected]
4432	@[email protected]
4176	@[email protected]
6068	@[email protected]
6448	@[email protected]
6812	@[email protected]
6536	@[email protected]
6340	@[email protected]
4196	@[email protected]
7160	@[email protected]
7132	@[email protected]
6704	@[email protected]
4304	@[email protected]
4728	@[email protected]
6184	@[email protected]
5128	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3972 wrote to memory of 1008	3972	AcroRd32.exe	RdrCEF.exe
PID 3972 wrote to memory of 1008	3972	AcroRd32.exe	RdrCEF.exe
PID 3972 wrote to memory of 1008	3972	AcroRd32.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 2244	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe
PID 1008 wrote to memory of 1172	1008	RdrCEF.exe	RdrCEF.exe

Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

6440 attrib.exe
744 attrib.exe

pid	process
6440	attrib.exe
744	attrib.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\22Soul_Top_1_Yurrghurter.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3972

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1008

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=712E9D6558D3D91E3BEA44140D979F5D --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2244

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=318C478AC17F6D63E675EF3F52AF3DA6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=318C478AC17F6D63E675EF3F52AF3DA6 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1172

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FAC787F0E7AED652DF8F0C398988AFD6 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4884

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B07EFD7C48403E15624C762E79FB96CA --mojo-platform-channel-handle=2436 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4880

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8C68024E31175F0E6207B0C190F8B63C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8C68024E31175F0E6207B0C190F8B63C --renderer-client-id=6 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4304

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24EA7D9111771F886E9669F346E639E7 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte720d6b6h66ddh4a59h996bh6c2d9c9aeba9
1⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe584246f8,0x7ffe58424708,0x7ffe58424718
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,13358960307445090012,11952759285632399165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,13358960307445090012,11952759285632399165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,13358960307445090012,11952759285632399165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe5b7fab58,0x7ffe5b7fab68,0x7ffe5b7fab78
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:2
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:3468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4332 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:3964

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff79719ae48,0x7ff79719ae58,0x7ff79719ae68
3⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4680 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4692 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2632 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5448 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5884 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6096 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4676 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5132 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5192 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5964 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5784 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6204 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6180 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6444 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6452 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6740 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7156 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7184 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7372 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7208 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7236 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7848 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7980 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8128 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8096 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7264 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7252 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7080 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7648 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8188 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7684 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7616 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:5620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7716 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8576 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8784 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7532 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:6308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9120 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:6576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9212 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:6584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9232 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1
2⤵
PID:6592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7820 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7652 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
PID:5756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8
2⤵
- Modifies registry class
PID:5524

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3020

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:6576

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:6440

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:6448

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4716

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 37371717269974.bat
2⤵
PID:6792

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:7028

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:744

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6416

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:6668

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5492

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6948

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:5984

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6844

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
2⤵
PID:3316

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:2404

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:208

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:4828

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6688

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:7124

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7072

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6748

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6160

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7060

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3428

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:1464

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6552

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6296

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:2740

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4776

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3356

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:5976

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5192

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6652

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6668

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5492

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:5356

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4432

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5380

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:5600

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4176

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6760

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6620

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6068

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5104

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6032

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6448

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3676

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6788

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6812

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4212

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6508

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6536

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1968

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:5348

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6340

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:3164

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:7052

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4196

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:7048

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6780

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7160

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6216

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:7120

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7132

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6560

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:6828

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6704

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6400

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
- Executes dropped EXE
PID:4088

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4304

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:6548

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
PID:3848

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:4728

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:2740

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
PID:5752

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:6184

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:6092

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
2⤵
PID:4412

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
@[email protected]
2⤵
- Suspicious use of SetWindowsHookEx
PID:5128

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
taskdl.exe
2⤵
PID:4372

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1944

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240601192307.pma
Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
7805d8961dfa160a3970c1d8be004609

SHA1
22ffda4e708431c994d173cff8f2114ab8952e3e

SHA256
7d99ad050301f46b0216dd3c176ad07e5ff0f4f21b73fe19ee8c8414ea276979

SHA512
27050505738224dbfa57f267211cb978112b9162a255a05d6191d0c1ba11885623481c53975f1a104f19bf9118d9220186d8485972ce8240227cc8281e7a3aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
69KB

MD5
c356a0c771a0209d3482777edfc10768

SHA1
1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08

SHA256
32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad

SHA512
561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
327KB

MD5
af3899196275dae45500fc7671ba1a97

SHA1
8baed8b4951ae14677fa093e56d5540f6d989372

SHA256
7413bc9ead0d8ece381038166e278e2554908209d8a084e961fc18eab8ee6c7e

SHA512
32a8c08b55013ebdc62eb9b1cfcaf54a8ce7ef7ab3dd208a30a3cd1f6281cafc7d667e0c19ffe6dfbea8be5cf53df9509ed0c34337d8bfbad0723aa620542d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
133KB

MD5
3b119bc0b1f8f4b3a8d126cd1f153a87

SHA1
e9a65c737466e5624c75b3cc72fb60877f7898f7

SHA256
0edbc4b05210c7c811e3943ab0e6e891da2933f809a817ab1cb0c3cc388380e1

SHA512
7eefefb3dffe25caf225b2c1f39fa4a204a253725b3844d3d840181408291bc469ac3acc6415453f27cadc228aed4262fdc3c9c0747e173e2a1874211db98e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a
Filesize
65KB

MD5
f3dc36eb8d102c5b65b1a457ea739ef0

SHA1
b18742e75723d4379811ec5cd6a714d5841878e1

SHA256
7b8db0f76ae02660aeb9294c337153d4365ea193c2e9c0ddd4ca2a54fe7457c2

SHA512
db56010e8d7b5f831d64c4daa8ccdeb21deba6ce5b4594f065eb942d551c56c6174a306ee17b3359cb7260f512dfdd645ce0b62bff992bf0d2a96e9771bdbce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1ad53efa11111e1f4de4bc14ea476797

SHA1
3e66fe8dd244fd3bff02a9f8fc5747dc3c3993bd

SHA256
6351006b9bdc25b94580f178db38b8599c7a7e56ca59f4792cc3761dc8ba1952

SHA512
8d7678ea3d4bb99bf75dd3a2d2a8ce8793bff4ed726c946606cf8a5f9ed361464676841b4333c9e289e5ac2fd8e685a1ee72fb922ed54a76456f4fe8da9418b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
8c60b41c9937b06e3adca14ddb2a8b1e

SHA1
f7378d98abb10a70c0a5e072336445bc574a7452

SHA256
63d22b2fd97f5e6ccc85663c2681cab2e5c7958ce4f6923af97148c37d148d96

SHA512
5672ea00398fe0fb8092668cfe816ec25319813bfbd21f9df00706850bad4b81d6974968361e4746f297778701f61932da787522f02ee291e2a3ef0daa96f7b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
fc09c3d53428ae98cc1c6dd1c12534de

SHA1
2c95bb82a2f7a2bc7a06788ceba95fcf34c10a25

SHA256
d019aefac0d63c85aaf43377ecc980e2f0c284aee454c1a33dde94ef5b201f01

SHA512
de1a38521ce24fb83c3336afb3da58c2958bd6b0b6fe50b11b1af8f28bdcd774a8dbfa8d15aae29832d21834d51e587bacfd444302fda473380a8665bda2762d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
15KB

MD5
cddf691c8379f8195e05e875c7971332

SHA1
69649b7e5eaff49097de7e850e5ac2ebddc7e675

SHA256
e29e895ec3ca7eba2c8509b181369668fedf19757c0f1a05c5fddc444b349d84

SHA512
288543782562446de4484f7d723b00f9b97a429fdc7e0a93937108bae8635de6c66309e11062dd24d18434ec2ece4ed3da10ab491da76d340564b722406e07da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ad74848d7817b208db3291ba2c161f5c

SHA1
36608ec0af841b7a0e6a8b7bd73b7aafcf5366bc

SHA256
7caa0514031393103a058cefe16b2749994a5734df78903f33ca0ce79b094cdb

SHA512
863a08a7d5804b5ce0f32e903368194609abdbf54ca32081954db441bbc51a60256588e6caacbef1b2a4c3bf47edaaf579057e882f6332f7b2b2a0b26a4eb593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
15KB

MD5
d1bf435f6b2fda2827707365bddc8e67

SHA1
ffeae1ac23c90f0c7cd3a9dc2e9925bba8215f7d

SHA256
558f447579ba8e0a9ed6cb10a7718cccffd4b043354f5725f55e0e3de6329b03

SHA512
7ac17df740e055fe793eb34a153cad907af026aa618e7724ae1ec73c9021a2d60bead9f6f7ed2a6e8b5a67baaa60295b5b18f42861c06248caf27b2619780a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
13KB

MD5
5716aa2a9d0713bf84036fec2c29d267

SHA1
616e6ae81a7bfb755541f80360b82f0df4a48d23

SHA256
6ba8902f2c182fcbd30e63b4c23b19014fb6ee3f8215203e9fc94990e3430d7e

SHA512
dfdb44b206f8ddb63a136a268a84cf7119e9b93ca74083898db715b14bf1e3be54623ca287a54bc7ab2f986570eb689b1e1cf4e099f26199d4e153959d889de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
16KB

MD5
802d98e33bb87b820dd855732b381ea6

SHA1
13e77afe0c0a1c90eaa8f2580f42f0c5b4fc505c

SHA256
8c0916c8fd33e9308c6514cd96d7fc80e41dbe5b888118e6d2d48f4a92b054a1

SHA512
101474d610bb6e07f95b164ee80e8529f2bb371d9af323b98e1281b60d7b56dfa259602de82619ad8d309b789950a26e77c390f2bab9b53e817243030a4f6e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
372e5ce19c238193eca5894b4d9e5526

SHA1
cddac7f34aaf96c54b023f9c6cde45c957ca3ddf

SHA256
cbdda7369fb2db018423f2e3d5e788123546048e0ca3d31a7566409afba50f1a

SHA512
6b26d8a58acd53dd9f518e155e8e9d5dc5f284c8e17dafbefb459dbe4dd1840ec398f0ddf89305849d99e624ed03092a4cc2484f6c52fd6de73f0a74222c6d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
87effe992e71fa758df630a8061c0dbc

SHA1
cd171b86adc09cfb86e47b01ec7823f125ec08f2

SHA256
5afcb90c36a30ae77f8450e022306258b8029566128f1d5e2819c41bc66439d7

SHA512
2f39b449e3efaefae2d94479d34b602f3c15485cc8ac72f1a58e7542f6698a6591e4722bf8c470f74f8c52faab561006c8c90aa7c6bd2d85e12472401815380b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a11bf8b196cd02ec2b68ba29bd9ff5cc

SHA1
9f29f876c7f00f74475a32557f8848ff3b0e4619

SHA256
eb4ac6fb75a74dd88e6e8571489223e98be8fb0538e1944ddef479a55144122d

SHA512
bd3c520fca51b34fa4f0a276d2c239be6859bc0dba79a7e29486393f66b392a666f5ca6e1bf1085253930b35b6dcf43fb70b7017805a80d43f5a0a50dc2c74a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3f55c2ea7be108ff0802db9ab0e07b10

SHA1
a6ff94200794f920a0657cd2090f3842c2c20b19

SHA256
2722b2ac474b4d13f0348106777778b3c30582f2db941d466ddb8e1f06b34352

SHA512
044cd0c76f7e971860c9efdd489a9201dc70751ea1953226ce2bb501e6c3b2d022a90c41b19a12e2726bc7779b8102159ef69f934e73847e30ec9bbf50038157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
151a02370f26509d3c823d2161da6b2f

SHA1
a0585e2623eaca0d820af3f2e75d61d111a6ddcf

SHA256
ae33b10e6256f2f91b661d37028b08547f267645dd8b22d819244cb8f4ffcb9c

SHA512
61b6426163859b814bed3f7869b8e5917799e24ba5713d7ff9ed9345a88155efc28384d666665493edeaafe7543eeca06d3efd848ed57680ed13919ef4bdf608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
5064873ba1150a484acd4e84a11e7f7f

SHA1
8a5bc2d9def67423d679260707863f49b2417457

SHA256
a3903cd86b5cf47e2e322ea019de5d62e024eccd728fe94a37f7903d9f35a12d

SHA512
12995b5d9c9567a0c4d553e137e80a515db8b620a86f8c44b85b9de6e7209c124c89a4d40f0908c2b34b139a1e61a733907e7b78032c9bb740ff35cf250ef1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
969f8a97e006855c2cb78fb9a8290d78

SHA1
bff5eefd6b64b4699d6a99d10f4fab61f1d958d5

SHA256
1bf45b120c884a78a3612c6179ab74b326037b7fd354c822c96750fe37e2a429

SHA512
08eaf7f67f0aec1e8d0288f72abfec436e0a76ff47d3de828010dcb3044cbaa1ada98c6c72c226ea35cb563e5bdbd118ed840fe17d98837507391f597f58ee8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
4215dcf853f6ec4637f15e72718546d5

SHA1
6a88a4e9b969bc806b57e220ad0a8cd2f24d7546

SHA256
8845aea067088de6abba2ebf25b19730ae1f542352507cf786561ad0a73f5daa

SHA512
56da33fdecfb157fc99622a9fbf2e254abb4d2faeb667d61c2ba99e0cd4e003cf6f53ad2475f176b49661fa08d64e971b52b173b199bddccbf4abe5ffa8bed81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
b74d260e48386699e6b094b6868e286d

SHA1
e88948495489eff0c5fd780ed948d59738e9ebf9

SHA256
dc9fd1aa430ae783492ed6bb9ea58c5dfd3e567366056158fdab9f46cbfac59b

SHA512
bbde1a03594a666a433c97a5a753e78dabdebe4fc9160247da6f7bda1d46a6d23ee688c2ba51df9138886058a9270ceda1cf308a86d18a8b075120f0c8a6eff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2e0e1ad1bc59b9642d4c697633a6bfe5

SHA1
a191fa135136def02d966564e66fbc8213942a5e

SHA256
6b1bf3c635d323845eb7146dd75970125c1f9bf4a82ef3334f5e0ec3c7ee8e95

SHA512
7d88eacc412f2d85cf00ef1fc33aaa46c168ed46d3fd5f49aaeb5d45dea44bb992a31ba10509db98fdfaf56c5db25274dfacd06cfa3e1e512dde9486ec343a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0332f49a79b179b5b69e3255ca5ab48a

SHA1
23afdd3fa7ccbfcbfd1dd81db956778ac7cb7569

SHA256
99a6bf8c8d7a9981769e0eee325e7731ba2013837e8ea960debdaae44dbb9dfa

SHA512
fc6d13165039f4792385e50f2d38c304f73d179a3ddec3b518870ac67bf984d87328d61e9a3dd1520ca9900b9b273984828fcaca60adab41a5c2074cadbaafe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0c953e8d8b896721611fa851e60ffaa6

SHA1
ee6af822aa35b84ab693b8e88b442e8a689a3541

SHA256
df3b0edcf050586d6fd2ecb88d67ed08d97f6e87436fb761e5f77039dd40676f

SHA512
10322d423e8fa5b8055b1a089f1f3156787c51ce401aec7c485cf5b128fbf5e2db4bd312a6219c1391000d4546ba50010c43e831b33d826b2125f3073c0e4b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5853df9a9af5d307d125bd2f17bfc77d

SHA1
3755ce761853f51b55cd17aedd3779a9f1fbe8b4

SHA256
384bc12af6e540b942eee151c1c6d5626109784a7d6d0224a1e02afdbaf04afd

SHA512
9cca2950c78897ad7aa384a65bc8bfefe837c36dd1262418de5f3d00e88eb0913ccefc7e94305223442bdde52d8dc89fcd7698a4ceb135a9b72710727080e443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
244606039af7df2eb9b827928f42ddbd

SHA1
5e245b8dd05820d2c0ebfebce6621bf817e9d7b0

SHA256
bfc87c821c3a2a79827f08be82545f419536ac4226239f6ae4dc95482da334a0

SHA512
0435ea35383235b4b763ae3071a899908efcca2c47157a1ad1fcf369ed9ad6b02ebc09867464d55de355e8685eea86ae4b3abb1590707ea5c52fc659dc33e065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
36cfbadc314be3dc9a6817b5a6937f43

SHA1
555e899cf5b0521b60ac9b25eb5dbcc5365165bd

SHA256
5b504cdc07f074da7ebbe97537a0cf84533ffddf655400025a704546eb940005

SHA512
c7f150577140b53218c2832f69ce735426b90f0b5a5b6caee135a6e47204b55e06bc23a89481c1e428765c626c4c52260795466b54ab23a454346479e83e9da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
1175434e0bcaafb07779366d39db2824

SHA1
2b7abaddd6fba42940e584337f0dc583dff25beb

SHA256
a4db75dabb9168340fadbfef2dd5f01566a3ec9394d9486620d5afc6231b8ccf

SHA512
bb786df556b52375cb35c46946dd81c1e08d6286706865ca17ee31ff98be830edb7eb337c0b843cb846396e61622f645e99ac7d2c585932d0519e904b312388c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
263KB

MD5
a596d040c80ba47f260a43d61cc8fd92

SHA1
d2127236589efd85dafd5fc4e0492267de1ea4c9

SHA256
3295d5ef498a9681312534e47b75791a08417a20d74493cf185a83733bf4d45b

SHA512
6cd68b116dae473f594a2da0054082b7d26a43268ad7df2c0aa86a3e07ea8b44f4bb06f221f937f4097f7abec671cbff5333c467ddec6ebbd01b26aa2cf3d95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
6c239253cf6b4afac32bca0d824c6072

SHA1
b8567e53ed2130c499e715f93a98061317ce679d

SHA256
a9bbaab8c96445690ebde297179de5d2379cd1186e259efb44ccf5dfbde10257

SHA512
9d208f1a779515fc4141027b1ccc308e2b55747c6f7e7345c6085d396e9a7e93b10907f465e00a2b06bbe779267f1b0da18c67878922b6ee23196814e0f93f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
d951e9cf80435c275cc740e2b2fc0e3e

SHA1
a1cb89346de8f6ed42253e029657c3829bfcdf78

SHA256
bb3ec3a787f284a9d4514a3f7ce7ccd8363230534cd371dfced4194c61c17917

SHA512
1a531c20cdc8529a5bb5aa0ac8abac45473fa7ff05c64d03793b2a55ff9587d9d8cb295a49806685a885bf668f7d88130c272524a87cdeedb94504c178c6ab9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
264KB

MD5
932cedf1020b340d4cf0e43ab9c0edd6

SHA1
44c373e7303d50bdd5ace70d002891afcb6f4149

SHA256
2772d9d36d94a7f139311d592aaeed19a5ec0242e115419c36eb86f515569350

SHA512
6f3e0f154ad20c4a62d639f735447ed1feb5c47a130a3b20148791cd20cb86f42709284e89a7cf887dd7e259732f9d17d667495222d5badf5416daf7c66891ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
8ffcd2fbde09a0b5aa7178c11de27b12

SHA1
34b19e525fa062b4dff10f7284cffc9ebb66660b

SHA256
28f211c2ee1e9090306c9f8df3c8cba35b31dd4df4ffa16fe09d870bea109cc1

SHA512
1abd60b6f05e70c3506eb488ff9b6178bb7cfb1410ec132c9b84f7b0a237466d09ecf501dbdc21a52dd16e0c25bc32f9b93a42de0e5909f9dccf07eb6079d5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
a90e0f73e6ceab0080bec4a053590eda

SHA1
5b6e8086458bb61ebf64e9ad6ff8b979686b7f53

SHA256
550fb067558227e69eec732baf5c44b78bbf56e72651f79344992f93254b83c7

SHA512
cf56032d22bbcf5dd39207e7938c54e2dea0e6d9b2dfbe6e56ce24a07efe08070ec7cd9f3feb04f36bc920070cbc5abf8e6458752d759dadde0d4cc423ca32f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a3eb0.TMP
Filesize
88KB

MD5
9c738f316905179c2438de0dcb6249ed

SHA1
b230f084808f0ac6e2ed2695c88c8109a0c9c00d

SHA256
ebcadd42d339607cfdff51b9373f653eac4c763b4bb8a6acefa1c69e33610cb9

SHA512
d44b0b1a81dfffff6813eead42942c01d2419ee52e4eb4b69efc681afbf7d3a0b12199e3c79724d8899dc7192a54afa2a364a659e1b211f0c82e412808aaf122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b32c502a-c81c-4124-897a-49d8a3ea4125.tmp
Filesize
91KB

MD5
37f1de60a7ff8c61fed26dd3df24cb5b

SHA1
1a677b6170fd300019af95bf956d4007eac9a9ee

SHA256
add687ca5ae7e7d4e22410d9064b04f8e2de4f485a969ec6c10f602119f442fd

SHA512
257b810d042d7d1b80608ddf1cc305ab44c7ef12ffb3a8aacdf0f47534ad6918d62d15a1ed6f7296719094c8ca43cca4332b565f0d25b22663b74add7bc209da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
17b1339746f942e0d1135ffdf942e3b2

SHA1
850b96eafef501da7e7a033c22e8c3172b9ae922

SHA256
e3fce935806e73c09e3fe90131da3b96d853f8ef3677746e9c5fb58331d94f2c

SHA512
b6673a2cf93230c6a2353445aeba5ebf535e37fa246ab7869e23d2ed714f3e48b678ff484848eaa2775621419dd06e91a7798e9af8cdd914548967a6d2d22e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
0d593f83e3641bf41e8a5ddd8ec9b44b

SHA1
02bab7ff4aef6c9804fbf80116adeaf313d3a5f1

SHA256
9c11549af62a4404cb4a699171f68a79c3d2aa8455c9fd9cd13d5daf6f2f68c6

SHA512
c31bae0bd2b4f0c150fe67b010049a84857dc9b3b9380e80f204c0ed7ed76d86472a6bc8428858c749fa4f84bbf96d4908e61c0013e80881f7b68c5a49804ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip.crdownload
Filesize
3.3MB

MD5
017f199a7a5f1e090e10bbd3e9c885ca

SHA1
4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05

SHA256
761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f

SHA512
76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]
Filesize
1KB

MD5
dce6734c27324ef3afffa37785c0e920

SHA1
8fdcc0e9fea29a8cf8534b408651c1148a53f73c

SHA256
6377c355207025e36e15e6bd3bc4d89c8af4fcf84e1beee36e52fac04bb32523

SHA512
fc364de2515b9ebcd2bd81bd3f631a3e360524c839ed79be12bd949b5de7b6a827e6bfcde3ef868c57b0626b56c7a7797a13c7364b28c68f4e382cd0b6bd25e6

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_finnish.wnry
Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]
Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
\??\pipe\LOCAL\crashpad_2156_FJWSYJPXQJRECOFJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6576-1087-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download