Malware Analysis Report

2024-08-06 16:47

Sample ID 240601-x171kada94
Target 22Soul_Top_1_Yurrghurter.pdf
SHA256 8ff60deb10197c560baa30ec28d4542623c283b1af4a967a5e4594e604c89492
Tags
wannacry discovery persistence ransomware worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8ff60deb10197c560baa30ec28d4542623c283b1af4a967a5e4594e604c89492

Threat Level: Known bad

The file 22Soul_Top_1_Yurrghurter.pdf was found to be: Known bad.

Malicious Activity Summary

wannacry discovery persistence ransomware worm

Wannacry

Drops startup file

Executes dropped EXE

Modifies file permissions

Adds Run key to start application

Sets desktop wallpaper using registry

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Modifies registry key

Modifies Internet Explorer settings

Enumerates system info in registry

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
File and Directory Permissions Modification
T1222
Modify Registry
T1112
Hide Artifacts
T1564
Hidden Files and Directories
T1564.001
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Defacement
T1491
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-01 19:20

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 19:20

Reported

2024-06-01 19:38

Platform

win10v2004-20240508-en

Max time kernel

1050s

Max time network

1036s

Command Line

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\22Soul_Top_1_Yurrghurter.pdf"

Signatures

Wannacry

ransomware worm wannacry

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD9A4F.tmp C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD9A56.tmp C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bbnbuexzwbcz676 = "\"C:\\Users\\Admin\\Downloads\\RANSOMWARE-WANNACRY-2.0-master\\RANSOMWARE-WANNACRY-2.0-master\\Ransomware.WannaCry\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617433867687405" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{04A179BC-094A-4242-BA9E-1AECBB3CD907} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3972 wrote to memory of 1008 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3972 wrote to memory of 1008 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 3972 wrote to memory of 1008 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 2244 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
PID 1008 wrote to memory of 1172 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\22Soul_Top_1_Yurrghurter.pdf"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=712E9D6558D3D91E3BEA44140D979F5D --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=318C478AC17F6D63E675EF3F52AF3DA6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=318C478AC17F6D63E675EF3F52AF3DA6 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FAC787F0E7AED652DF8F0C398988AFD6 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B07EFD7C48403E15624C762E79FB96CA --mojo-platform-channel-handle=2436 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8C68024E31175F0E6207B0C190F8B63C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8C68024E31175F0E6207B0C190F8B63C --renderer-client-id=6 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24EA7D9111771F886E9669F346E639E7 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte720d6b6h66ddh4a59h996bh6c2d9c9aeba9

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe584246f8,0x7ffe58424708,0x7ffe58424718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,13358960307445090012,11952759285632399165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,13358960307445090012,11952759285632399165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,13358960307445090012,11952759285632399165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe5b7fab58,0x7ffe5b7fab68,0x7ffe5b7fab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4332 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff79719ae48,0x7ff79719ae58,0x7ff79719ae68

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4680 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4692 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3436 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2632 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5448 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5884 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6096 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4676 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5132 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5192 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5964 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5784 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6204 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6180 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6444 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6452 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6740 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7156 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7184 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7372 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7208 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7236 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7848 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7980 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8128 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8096 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7264 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=7252 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7080 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7648 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8188 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7684 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7616 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=7716 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8576 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8784 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7532 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9120 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9212 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9232 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7820 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7652 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 --field-trial-handle=1976,i,17457746909714275561,9027433752433513266,131072 /prefetch:8

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 37371717269974.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]"

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bbnbuexzwbcz676" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

taskdl.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 151.16.21.2.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 114.66.68.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.204.67:443 id.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
GB 216.58.204.67:443 id.google.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.179.238:443 play.google.com udp
GB 216.58.204.67:443 id.google.com udp
US 8.8.8.8:53 locate.measurementlab.net udp
GB 216.58.204.83:443 locate.measurementlab.net tcp
GB 216.58.204.83:443 locate.measurementlab.net tcp
US 8.8.8.8:53 83.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c28.gcp.gvt2.com udp
US 34.94.232.12:443 e2c28.gcp.gvt2.com tcp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 12.232.94.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.speedtest.net udp
US 104.18.202.232:443 www.speedtest.net tcp
US 104.18.202.232:443 www.speedtest.net tcp
US 8.8.8.8:53 cdn.ziffstatic.com udp
US 8.8.8.8:53 b.cdnst.net udp
US 8.8.8.8:53 232.202.18.104.in-addr.arpa udp
US 151.101.2.219:443 b.cdnst.net tcp
US 151.101.2.219:443 b.cdnst.net tcp
US 151.101.2.219:443 b.cdnst.net tcp
US 151.101.2.219:443 b.cdnst.net tcp
NL 23.62.61.193:443 cdn.ziffstatic.com tcp
NL 23.62.61.193:443 cdn.ziffstatic.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 cdn.static.zdbb.net udp
SE 92.123.135.82:443 cdn.static.zdbb.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 108.156.39.27:443 config.aps.amazon-adsystem.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 zdbb.net udp
US 104.22.52.173:443 cdn.hadronid.net tcp
US 8.8.8.8:53 gurgle.speedtest.net udp
GB 18.245.143.100:443 tags.crwdcntrl.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
IE 54.78.155.225:443 zdbb.net tcp
US 34.235.57.134:443 gurgle.speedtest.net tcp
US 8.8.8.8:53 219.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 193.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 82.135.123.92.in-addr.arpa udp
US 8.8.8.8:53 27.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 100.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 225.155.78.54.in-addr.arpa udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
GB 18.245.220.173:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 gurgle.zdbb.net udp
US 8.8.8.8:53 rp.liadm.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 18.206.5.192:443 gurgle.zdbb.net tcp
US 100.24.0.83:443 rp.liadm.com tcp
IE 54.220.158.112:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 bidder.criteo.com udp
IE 34.241.105.30:443 c2shb.pubgw.yahoo.com tcp
IE 34.241.105.30:443 c2shb.pubgw.yahoo.com tcp
IE 34.241.105.30:443 c2shb.pubgw.yahoo.com tcp
IE 34.241.105.30:443 c2shb.pubgw.yahoo.com tcp
IE 34.241.105.30:443 c2shb.pubgw.yahoo.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
NL 185.89.210.180:443 ib.adnxs.com tcp
DE 3.127.77.137:443 btlr.sharethrough.com tcp
DE 3.127.77.137:443 btlr.sharethrough.com tcp
DE 3.127.77.137:443 btlr.sharethrough.com tcp
DE 3.127.77.137:443 btlr.sharethrough.com tcp
DE 3.127.77.137:443 btlr.sharethrough.com tcp
US 151.101.2.219:443 b.cdnst.net tcp
IE 34.241.105.30:443 c2shb.pubgw.yahoo.com tcp
US 8.8.8.8:53 speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedlon.hyperoptic.com udp
US 8.8.8.8:53 speedtest.upp.com.prod.hosts.ooklaserver.net udp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 45.10.101.252:8080 speedtest.boxbroadband.co.uk.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest.swishfibre.com.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net udp
GB 193.3.26.19:8080 speedtest.upp.com.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 lg-lon.fdcservers.net udp
US 8.8.8.8:53 speedtest.noone.co.uk.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 jogger.zdbb.net udp
GB 31.22.12.17:8080 speedtest.swishfibre.com.prod.hosts.ooklaserver.net tcp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net tcp
GB 45.92.46.45:8080 speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 speedtest-lon.retn.net.prod.hosts.ooklaserver.net udp
US 8.8.8.8:53 tags.bkrtx.com udp
GB 50.7.152.4:8080 lg-lon.fdcservers.net tcp
GB 188.94.45.252:8080 speedtest.noone.co.uk.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
US 52.200.14.12:443 jogger.zdbb.net tcp
GB 185.82.8.1:8080 speedtest-lon.retn.net.prod.hosts.ooklaserver.net tcp
GB 23.59.66.82:443 tags.bkrtx.com tcp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.4.69:443 a.ad.gt tcp
US 8.8.8.8:53 stags.bluekai.com udp
BE 23.55.96.210:443 stags.bluekai.com tcp
US 8.8.8.8:53 134.57.235.34.in-addr.arpa udp
US 8.8.8.8:53 173.220.245.18.in-addr.arpa udp
US 8.8.8.8:53 112.158.220.54.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 30.105.241.34.in-addr.arpa udp
US 8.8.8.8:53 83.0.24.100.in-addr.arpa udp
US 8.8.8.8:53 192.5.206.18.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 180.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 137.77.127.3.in-addr.arpa udp
US 8.8.8.8:53 6.112.37.152.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 252.101.10.45.in-addr.arpa udp
US 8.8.8.8:53 19.26.3.193.in-addr.arpa udp
US 8.8.8.8:53 17.12.22.31.in-addr.arpa udp
US 8.8.8.8:53 21.82.148.51.in-addr.arpa udp
US 8.8.8.8:53 4.152.7.50.in-addr.arpa udp
US 8.8.8.8:53 250.26.113.93.in-addr.arpa udp
US 8.8.8.8:53 252.45.94.188.in-addr.arpa udp
US 8.8.8.8:53 45.46.92.45.in-addr.arpa udp
US 8.8.8.8:53 1.8.82.185.in-addr.arpa udp
US 8.8.8.8:53 82.66.59.23.in-addr.arpa udp
US 8.8.8.8:53 12.14.200.52.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 p.ad.gt udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 image2.pubmatic.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 104.22.5.69:443 ids.ad.gt tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 172.64.155.119:443 privacyportal.onetrust.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 104.22.4.69:443 ids.ad.gt tcp
US 104.22.4.69:443 ids.ad.gt tcp
US 104.22.4.69:443 ids.ad.gt tcp
US 8.8.8.8:53 fb1649a0b591c16cc1bc348f7dce45f5.safeframe.googlesyndication.com udp
GB 185.64.191.210:443 image2.pubmatic.com tcp
FR 149.202.238.105:443 sync.smartadserver.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
GB 216.58.204.66:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 210.96.55.23.in-addr.arpa udp
GB 172.217.169.65:443 fb1649a0b591c16cc1bc348f7dce45f5.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
GB 216.58.204.66:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 sync.go.sonobi.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 104.22.4.69:443 ids.ad.gt tcp
US 104.22.5.69:443 ids.ad.gt tcp
US 8.8.8.8:53 u.openx.net udp
US 69.166.1.66:443 sync.go.sonobi.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 34.98.64.218:443 u.openx.net tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 secure-us.imrworldwide.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
IE 52.215.142.212:443 secure-us.imrworldwide.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 pixels.ad.gt udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 rtb.gumgum.com udp
US 104.22.5.69:443 pixels.ad.gt tcp
IE 52.51.177.247:443 rtb.gumgum.com tcp
GB 142.250.187.206:443 analytics.google.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn-gl.imrworldwide.com udp
GB 108.156.46.26:443 cdn-gl.imrworldwide.com tcp
US 8.8.8.8:53 ce.lijit.com udp
IE 18.202.254.222:443 ce.lijit.com tcp
US 8.8.8.8:53 bee.imrworldwide.com udp
GB 108.156.46.27:443 bee.imrworldwide.com tcp
US 8.8.8.8:53 uipglob.semasio.net udp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 105.238.202.149.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 155.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 66.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 212.142.215.52.in-addr.arpa udp
US 8.8.8.8:53 247.177.51.52.in-addr.arpa udp
US 8.8.8.8:53 26.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 222.254.202.18.in-addr.arpa udp
US 8.8.8.8:53 27.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 122.51.243.77.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 d.turn.com udp
NL 46.228.164.13:443 d.turn.com tcp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 5p3fmm8ga5vci92gxzhqck3jl92tw1717269863.nuid.imrworldwide.com udp
IE 52.212.132.56:443 ice.360yield.com tcp
GB 216.137.44.2:443 5p3fmm8ga5vci92gxzhqck3jl92tw1717269863.nuid.imrworldwide.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 idx.liadm.com udp
US 18.206.84.109:443 idx.liadm.com tcp
US 8.8.8.8:53 ookla-d.openx.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 2.21.188.239:443 ads.pubmatic.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
BE 2.21.18.175:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 se.semasio.net udp
DK 77.243.51.122:443 se.semasio.net tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 56.132.212.52.in-addr.arpa udp
US 8.8.8.8:53 2.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 109.84.206.18.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 175.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 13.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 67.220.228.202:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
IE 67.220.228.202:443 aax-eu.amazon-adsystem.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
DE 91.228.74.244:443 cms.quantserve.com tcp
IE 34.246.206.6:443 match.prod.bidr.io tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
IE 54.216.45.174:443 pr-bh.ybp.yahoo.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 54.198.181.57:443 sync.srv.stackadapt.com tcp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 8.8.8.8:53 p.rfihub.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 ads.avct.cloud udp
NL 193.0.160.131:443 p.rfihub.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
DE 3.125.128.81:443 match.sharethrough.com tcp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 202.228.220.67.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 6.206.246.34.in-addr.arpa udp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 174.45.216.54.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 57.181.198.54.in-addr.arpa udp
US 8.8.8.8:53 sync.ipredictive.com udp
US 8.8.8.8:53 live.primis.tech udp
US 52.73.253.107:443 sync.ipredictive.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
GB 99.84.9.59:443 live.primis.tech tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
NL 35.204.74.118:443 um.simpli.fi tcp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
DK 37.157.6.232:443 c1.adform.net tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 89.207.16.140:443 pubmatic-match.dotomi.com tcp
US 8.8.8.8:53 pixel.tapad.com udp
US 8.8.8.8:53 capi.connatix.com udp
US 34.111.113.62:443 pixel.tapad.com tcp
US 172.64.146.152:443 capi.connatix.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 34.111.113.62:443 pixel.tapad.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 image4.pubmatic.com udp
NL 198.47.127.20:443 image4.pubmatic.com tcp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 81.128.125.3.in-addr.arpa udp
US 8.8.8.8:53 59.9.84.99.in-addr.arpa udp
US 8.8.8.8:53 107.253.73.52.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 118.74.204.35.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 232.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 140.16.207.89.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 152.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 simage4.pubmatic.com udp
GB 142.250.187.206:443 analytics.google.com udp
US 8.8.8.8:53 aa.agkn.com udp
DE 3.65.80.227:443 aa.agkn.com tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 227.80.65.3.in-addr.arpa udp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 31.22.12.17:8080 speedtest.swishfibre.com.prod.hosts.ooklaserver.net tcp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 152.37.112.6:8080 speedlon.hyperoptic.com tcp
GB 31.22.12.17:8080 speedtest.swishfibre.com.prod.hosts.ooklaserver.net tcp
IE 34.246.206.6:443 match.prod.bidr.io tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 csync.loopme.me udp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 35.214.185.183:443 csync.loopme.me tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 d5p.de17a.com udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SE 213.155.156.165:443 d5p.de17a.com tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
NL 81.17.55.172:443 rtb-csync.smartadserver.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 ipac.ctnsnet.com udp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 core.iprom.net udp
SI 195.5.165.20:443 core.iprom.net tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 green.erne.co udp
US 8.8.8.8:53 cm.adgrx.com udp
FR 141.95.171.140:443 green.erne.co tcp
IE 54.217.19.5:443 cm.adgrx.com tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 183.185.214.35.in-addr.arpa udp
US 8.8.8.8:53 165.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 172.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
US 104.18.24.173:443 a.tribalfusion.com tcp
FR 141.94.171.213:443 pixel-eu.onaudience.com tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 sync.1rx.io udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 matching.truffle.bid udp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 8.8.8.8:53 s.tribalfusion.com udp
DK 77.243.51.122:443 se.semasio.net tcp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
FR 146.59.148.16:443 pixel.onaudience.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 ps.eyeota.net udp
DE 3.120.214.218:443 ps.eyeota.net tcp
US 8.8.8.8:53 140.171.95.141.in-addr.arpa udp
US 8.8.8.8:53 5.19.217.54.in-addr.arpa udp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 213.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 196.120.55.162.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 16.148.59.146.in-addr.arpa udp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 46.228.164.13:443 d.turn.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
US 8.8.8.8:53 218.214.120.3.in-addr.arpa udp
GB 142.250.187.206:443 analytics.google.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
NL 185.89.210.180:443 secure.adnxs.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 3.127.77.137:443 btlr.sharethrough.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 htlb.casalemedia.com udp
US 35.227.252.103:443 rtb.openx.net udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 ssp-sync.criteo.com udp
NL 178.250.1.7:443 ssp-sync.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 7.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 pn.ybp.yahoo.com udp
IE 54.170.152.91:443 pn.ybp.yahoo.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 cdn.js7k.com udp
US 8.8.8.8:53 s.yimg.com udp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 142.250.200.2:443 www.googletagservices.com tcp
GB 142.250.200.2:443 www.googletagservices.com udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
GB 172.217.16.226:443 googleads4.g.doubleclick.net tcp
IE 52.215.173.108:443 pixel.adsafeprotected.com tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 static.adsafeprotected.com udp
GB 18.245.253.90:443 static.adsafeprotected.com tcp
GB 172.217.16.226:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 54.162.4.183:443 dt.adsafeprotected.com tcp
US 54.162.4.183:443 dt.adsafeprotected.com tcp
US 54.162.4.183:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 91.152.170.54.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 108.173.215.52.in-addr.arpa udp
US 8.8.8.8:53 70.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 90.253.245.18.in-addr.arpa udp
US 54.162.4.183:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 183.4.162.54.in-addr.arpa udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 e2c2.gcp.gvt2.com udp
HK 34.92.53.177:443 e2c2.gcp.gvt2.com tcp
HK 34.92.53.177:443 e2c2.gcp.gvt2.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 177.53.92.34.in-addr.arpa udp
US 8.8.8.8:53 google.com udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com udp
US 8.8.8.8:53 beacons2.gvt2.com udp
IN 172.217.163.163:443 beacons2.gvt2.com tcp
IN 172.217.163.163:443 beacons2.gvt2.com tcp
IN 172.217.163.163:443 beacons2.gvt2.com udp
US 8.8.8.8:53 163.163.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 195.49.178.192.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 b30d3becc8731792523d599d949e63f5
SHA1 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256 b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 752a1f26b18748311b691c7d8fc20633
SHA1 c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512 a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

MD5 7805d8961dfa160a3970c1d8be004609
SHA1 22ffda4e708431c994d173cff8f2114ab8952e3e
SHA256 7d99ad050301f46b0216dd3c176ad07e5ff0f4f21b73fe19ee8c8414ea276979
SHA512 27050505738224dbfa57f267211cb978112b9162a255a05d6191d0c1ba11885623481c53975f1a104f19bf9118d9220186d8485972ce8240227cc8281e7a3aa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_2156_FJWSYJPXQJRECOFJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0d593f83e3641bf41e8a5ddd8ec9b44b
SHA1 02bab7ff4aef6c9804fbf80116adeaf313d3a5f1
SHA256 9c11549af62a4404cb4a699171f68a79c3d2aa8455c9fd9cd13d5daf6f2f68c6
SHA512 c31bae0bd2b4f0c150fe67b010049a84857dc9b3b9380e80f204c0ed7ed76d86472a6bc8428858c749fa4f84bbf96d4908e61c0013e80881f7b68c5a49804ab2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 17b1339746f942e0d1135ffdf942e3b2
SHA1 850b96eafef501da7e7a033c22e8c3172b9ae922
SHA256 e3fce935806e73c09e3fe90131da3b96d853f8ef3677746e9c5fb58331d94f2c
SHA512 b6673a2cf93230c6a2353445aeba5ebf535e37fa246ab7869e23d2ed714f3e48b678ff484848eaa2775621419dd06e91a7798e9af8cdd914548967a6d2d22e00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d951e9cf80435c275cc740e2b2fc0e3e
SHA1 a1cb89346de8f6ed42253e029657c3829bfcdf78
SHA256 bb3ec3a787f284a9d4514a3f7ce7ccd8363230534cd371dfced4194c61c17917
SHA512 1a531c20cdc8529a5bb5aa0ac8abac45473fa7ff05c64d03793b2a55ff9587d9d8cb295a49806685a885bf668f7d88130c272524a87cdeedb94504c178c6ab9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a596d040c80ba47f260a43d61cc8fd92
SHA1 d2127236589efd85dafd5fc4e0492267de1ea4c9
SHA256 3295d5ef498a9681312534e47b75791a08417a20d74493cf185a83733bf4d45b
SHA512 6cd68b116dae473f594a2da0054082b7d26a43268ad7df2c0aa86a3e07ea8b44f4bb06f221f937f4097f7abec671cbff5333c467ddec6ebbd01b26aa2cf3d95d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0332f49a79b179b5b69e3255ca5ab48a
SHA1 23afdd3fa7ccbfcbfd1dd81db956778ac7cb7569
SHA256 99a6bf8c8d7a9981769e0eee325e7731ba2013837e8ea960debdaae44dbb9dfa
SHA512 fc6d13165039f4792385e50f2d38c304f73d179a3ddec3b518870ac67bf984d87328d61e9a3dd1520ca9900b9b273984828fcaca60adab41a5c2074cadbaafe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87effe992e71fa758df630a8061c0dbc
SHA1 cd171b86adc09cfb86e47b01ec7823f125ec08f2
SHA256 5afcb90c36a30ae77f8450e022306258b8029566128f1d5e2819c41bc66439d7
SHA512 2f39b449e3efaefae2d94479d34b602f3c15485cc8ac72f1a58e7542f6698a6591e4722bf8c470f74f8c52faab561006c8c90aa7c6bd2d85e12472401815380b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1175434e0bcaafb07779366d39db2824
SHA1 2b7abaddd6fba42940e584337f0dc583dff25beb
SHA256 a4db75dabb9168340fadbfef2dd5f01566a3ec9394d9486620d5afc6231b8ccf
SHA512 bb786df556b52375cb35c46946dd81c1e08d6286706865ca17ee31ff98be830edb7eb337c0b843cb846396e61622f645e99ac7d2c585932d0519e904b312388c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f55c2ea7be108ff0802db9ab0e07b10
SHA1 a6ff94200794f920a0657cd2090f3842c2c20b19
SHA256 2722b2ac474b4d13f0348106777778b3c30582f2db941d466ddb8e1f06b34352
SHA512 044cd0c76f7e971860c9efdd489a9201dc70751ea1953226ce2bb501e6c3b2d022a90c41b19a12e2726bc7779b8102159ef69f934e73847e30ec9bbf50038157

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0c953e8d8b896721611fa851e60ffaa6
SHA1 ee6af822aa35b84ab693b8e88b442e8a689a3541
SHA256 df3b0edcf050586d6fd2ecb88d67ed08d97f6e87436fb761e5f77039dd40676f
SHA512 10322d423e8fa5b8055b1a089f1f3156787c51ce401aec7c485cf5b128fbf5e2db4bd312a6219c1391000d4546ba50010c43e831b33d826b2125f3073c0e4b3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a11bf8b196cd02ec2b68ba29bd9ff5cc
SHA1 9f29f876c7f00f74475a32557f8848ff3b0e4619
SHA256 eb4ac6fb75a74dd88e6e8571489223e98be8fb0538e1944ddef479a55144122d
SHA512 bd3c520fca51b34fa4f0a276d2c239be6859bc0dba79a7e29486393f66b392a666f5ca6e1bf1085253930b35b6dcf43fb70b7017805a80d43f5a0a50dc2c74a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1ad53efa11111e1f4de4bc14ea476797
SHA1 3e66fe8dd244fd3bff02a9f8fc5747dc3c3993bd
SHA256 6351006b9bdc25b94580f178db38b8599c7a7e56ca59f4792cc3761dc8ba1952
SHA512 8d7678ea3d4bb99bf75dd3a2d2a8ce8793bff4ed726c946606cf8a5f9ed361464676841b4333c9e289e5ac2fd8e685a1ee72fb922ed54a76456f4fe8da9418b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a3eb0.TMP

MD5 9c738f316905179c2438de0dcb6249ed
SHA1 b230f084808f0ac6e2ed2695c88c8109a0c9c00d
SHA256 ebcadd42d339607cfdff51b9373f653eac4c763b4bb8a6acefa1c69e33610cb9
SHA512 d44b0b1a81dfffff6813eead42942c01d2419ee52e4eb4b69efc681afbf7d3a0b12199e3c79724d8899dc7192a54afa2a364a659e1b211f0c82e412808aaf122

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b32c502a-c81c-4124-897a-49d8a3ea4125.tmp

MD5 37f1de60a7ff8c61fed26dd3df24cb5b
SHA1 1a677b6170fd300019af95bf956d4007eac9a9ee
SHA256 add687ca5ae7e7d4e22410d9064b04f8e2de4f485a969ec6c10f602119f442fd
SHA512 257b810d042d7d1b80608ddf1cc305ab44c7ef12ffb3a8aacdf0f47534ad6918d62d15a1ed6f7296719094c8ca43cca4332b565f0d25b22663b74add7bc209da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e0e1ad1bc59b9642d4c697633a6bfe5
SHA1 a191fa135136def02d966564e66fbc8213942a5e
SHA256 6b1bf3c635d323845eb7146dd75970125c1f9bf4a82ef3334f5e0ec3c7ee8e95
SHA512 7d88eacc412f2d85cf00ef1fc33aaa46c168ed46d3fd5f49aaeb5d45dea44bb992a31ba10509db98fdfaf56c5db25274dfacd06cfa3e1e512dde9486ec343a73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 c356a0c771a0209d3482777edfc10768
SHA1 1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08
SHA256 32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad
SHA512 561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 af3899196275dae45500fc7671ba1a97
SHA1 8baed8b4951ae14677fa093e56d5540f6d989372
SHA256 7413bc9ead0d8ece381038166e278e2554908209d8a084e961fc18eab8ee6c7e
SHA512 32a8c08b55013ebdc62eb9b1cfcaf54a8ce7ef7ab3dd208a30a3cd1f6281cafc7d667e0c19ffe6dfbea8be5cf53df9509ed0c34337d8bfbad0723aa620542d3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

MD5 3b119bc0b1f8f4b3a8d126cd1f153a87
SHA1 e9a65c737466e5624c75b3cc72fb60877f7898f7
SHA256 0edbc4b05210c7c811e3943ab0e6e891da2933f809a817ab1cb0c3cc388380e1
SHA512 7eefefb3dffe25caf225b2c1f39fa4a204a253725b3844d3d840181408291bc469ac3acc6415453f27cadc228aed4262fdc3c9c0747e173e2a1874211db98e46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 151a02370f26509d3c823d2161da6b2f
SHA1 a0585e2623eaca0d820af3f2e75d61d111a6ddcf
SHA256 ae33b10e6256f2f91b661d37028b08547f267645dd8b22d819244cb8f4ffcb9c
SHA512 61b6426163859b814bed3f7869b8e5917799e24ba5713d7ff9ed9345a88155efc28384d666665493edeaafe7543eeca06d3efd848ed57680ed13919ef4bdf608

C:\Program Files\Google\Chrome\Application\SetupMetrics\20240601192307.pma

MD5 6d971ce11af4a6a93a4311841da1a178
SHA1 cbfdbc9b184f340cbad764abc4d8a31b9c250176
SHA256 338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783
SHA512 c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 932cedf1020b340d4cf0e43ab9c0edd6
SHA1 44c373e7303d50bdd5ace70d002891afcb6f4149
SHA256 2772d9d36d94a7f139311d592aaeed19a5ec0242e115419c36eb86f515569350
SHA512 6f3e0f154ad20c4a62d639f735447ed1feb5c47a130a3b20148791cd20cb86f42709284e89a7cf887dd7e259732f9d17d667495222d5badf5416daf7c66891ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a90e0f73e6ceab0080bec4a053590eda
SHA1 5b6e8086458bb61ebf64e9ad6ff8b979686b7f53
SHA256 550fb067558227e69eec732baf5c44b78bbf56e72651f79344992f93254b83c7
SHA512 cf56032d22bbcf5dd39207e7938c54e2dea0e6d9b2dfbe6e56ce24a07efe08070ec7cd9f3feb04f36bc920070cbc5abf8e6458752d759dadde0d4cc423ca32f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5853df9a9af5d307d125bd2f17bfc77d
SHA1 3755ce761853f51b55cd17aedd3779a9f1fbe8b4
SHA256 384bc12af6e540b942eee151c1c6d5626109784a7d6d0224a1e02afdbaf04afd
SHA512 9cca2950c78897ad7aa384a65bc8bfefe837c36dd1262418de5f3d00e88eb0913ccefc7e94305223442bdde52d8dc89fcd7698a4ceb135a9b72710727080e443

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6c239253cf6b4afac32bca0d824c6072
SHA1 b8567e53ed2130c499e715f93a98061317ce679d
SHA256 a9bbaab8c96445690ebde297179de5d2379cd1186e259efb44ccf5dfbde10257
SHA512 9d208f1a779515fc4141027b1ccc308e2b55747c6f7e7345c6085d396e9a7e93b10907f465e00a2b06bbe779267f1b0da18c67878922b6ee23196814e0f93f87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ad74848d7817b208db3291ba2c161f5c
SHA1 36608ec0af841b7a0e6a8b7bd73b7aafcf5366bc
SHA256 7caa0514031393103a058cefe16b2749994a5734df78903f33ca0ce79b094cdb
SHA512 863a08a7d5804b5ce0f32e903368194609abdbf54ca32081954db441bbc51a60256588e6caacbef1b2a4c3bf47edaaf579057e882f6332f7b2b2a0b26a4eb593

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip.crdownload

MD5 017f199a7a5f1e090e10bbd3e9c885ca
SHA1 4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05
SHA256 761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f
SHA512 76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

MD5 f3dc36eb8d102c5b65b1a457ea739ef0
SHA1 b18742e75723d4379811ec5cd6a714d5841878e1
SHA256 7b8db0f76ae02660aeb9294c337153d4365ea193c2e9c0ddd4ca2a54fe7457c2
SHA512 db56010e8d7b5f831d64c4daa8ccdeb21deba6ce5b4594f065eb942d551c56c6174a306ee17b3359cb7260f512dfdd645ce0b62bff992bf0d2a96e9771bdbce0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 244606039af7df2eb9b827928f42ddbd
SHA1 5e245b8dd05820d2c0ebfebce6621bf817e9d7b0
SHA256 bfc87c821c3a2a79827f08be82545f419536ac4226239f6ae4dc95482da334a0
SHA512 0435ea35383235b4b763ae3071a899908efcca2c47157a1ad1fcf369ed9ad6b02ebc09867464d55de355e8685eea86ae4b3abb1590707ea5c52fc659dc33e065

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 372e5ce19c238193eca5894b4d9e5526
SHA1 cddac7f34aaf96c54b023f9c6cde45c957ca3ddf
SHA256 cbdda7369fb2db018423f2e3d5e788123546048e0ca3d31a7566409afba50f1a
SHA512 6b26d8a58acd53dd9f518e155e8e9d5dc5f284c8e17dafbefb459dbe4dd1840ec398f0ddf89305849d99e624ed03092a4cc2484f6c52fd6de73f0a74222c6d69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 8ffcd2fbde09a0b5aa7178c11de27b12
SHA1 34b19e525fa062b4dff10f7284cffc9ebb66660b
SHA256 28f211c2ee1e9090306c9f8df3c8cba35b31dd4df4ffa16fe09d870bea109cc1
SHA512 1abd60b6f05e70c3506eb488ff9b6178bb7cfb1410ec132c9b84f7b0a237466d09ecf501dbdc21a52dd16e0c25bc32f9b93a42de0e5909f9dccf07eb6079d5c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fc09c3d53428ae98cc1c6dd1c12534de
SHA1 2c95bb82a2f7a2bc7a06788ceba95fcf34c10a25
SHA256 d019aefac0d63c85aaf43377ecc980e2f0c284aee454c1a33dde94ef5b201f01
SHA512 de1a38521ce24fb83c3336afb3da58c2958bd6b0b6fe50b11b1af8f28bdcd774a8dbfa8d15aae29832d21834d51e587bacfd444302fda473380a8665bda2762d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b74d260e48386699e6b094b6868e286d
SHA1 e88948495489eff0c5fd780ed948d59738e9ebf9
SHA256 dc9fd1aa430ae783492ed6bb9ea58c5dfd3e567366056158fdab9f46cbfac59b
SHA512 bbde1a03594a666a433c97a5a753e78dabdebe4fc9160247da6f7bda1d46a6d23ee688c2ba51df9138886058a9270ceda1cf308a86d18a8b075120f0c8a6eff8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4215dcf853f6ec4637f15e72718546d5
SHA1 6a88a4e9b969bc806b57e220ad0a8cd2f24d7546
SHA256 8845aea067088de6abba2ebf25b19730ae1f542352507cf786561ad0a73f5daa
SHA512 56da33fdecfb157fc99622a9fbf2e254abb4d2faeb667d61c2ba99e0cd4e003cf6f53ad2475f176b49661fa08d64e971b52b173b199bddccbf4abe5ffa8bed81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5064873ba1150a484acd4e84a11e7f7f
SHA1 8a5bc2d9def67423d679260707863f49b2417457
SHA256 a3903cd86b5cf47e2e322ea019de5d62e024eccd728fe94a37f7903d9f35a12d
SHA512 12995b5d9c9567a0c4d553e137e80a515db8b620a86f8c44b85b9de6e7209c124c89a4d40f0908c2b34b139a1e61a733907e7b78032c9bb740ff35cf250ef1b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5716aa2a9d0713bf84036fec2c29d267
SHA1 616e6ae81a7bfb755541f80360b82f0df4a48d23
SHA256 6ba8902f2c182fcbd30e63b4c23b19014fb6ee3f8215203e9fc94990e3430d7e
SHA512 dfdb44b206f8ddb63a136a268a84cf7119e9b93ca74083898db715b14bf1e3be54623ca287a54bc7ab2f986570eb689b1e1cf4e099f26199d4e153959d889de1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8c60b41c9937b06e3adca14ddb2a8b1e
SHA1 f7378d98abb10a70c0a5e072336445bc574a7452
SHA256 63d22b2fd97f5e6ccc85663c2681cab2e5c7958ce4f6923af97148c37d148d96
SHA512 5672ea00398fe0fb8092668cfe816ec25319813bfbd21f9df00706850bad4b81d6974968361e4746f297778701f61932da787522f02ee291e2a3ef0daa96f7b1

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

memory/6576-1087-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

MD5 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1 b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA512 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

MD5 dce6734c27324ef3afffa37785c0e920
SHA1 8fdcc0e9fea29a8cf8534b408651c1148a53f73c
SHA256 6377c355207025e36e15e6bd3bc4d89c8af4fcf84e1beee36e52fac04bb32523
SHA512 fc364de2515b9ebcd2bd81bd3f631a3e360524c839ed79be12bd949b5de7b6a827e6bfcde3ef868c57b0626b56c7a7797a13c7364b28c68f4e382cd0b6bd25e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d1bf435f6b2fda2827707365bddc8e67
SHA1 ffeae1ac23c90f0c7cd3a9dc2e9925bba8215f7d
SHA256 558f447579ba8e0a9ed6cb10a7718cccffd4b043354f5725f55e0e3de6329b03
SHA512 7ac17df740e055fe793eb34a153cad907af026aa618e7724ae1ec73c9021a2d60bead9f6f7ed2a6e8b5a67baaa60295b5b18f42861c06248caf27b2619780a55

C:\Users\Default\Desktop\@[email protected]

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 36cfbadc314be3dc9a6817b5a6937f43
SHA1 555e899cf5b0521b60ac9b25eb5dbcc5365165bd
SHA256 5b504cdc07f074da7ebbe97537a0cf84533ffddf655400025a704546eb940005
SHA512 c7f150577140b53218c2832f69ce735426b90f0b5a5b6caee135a6e47204b55e06bc23a89481c1e428765c626c4c52260795466b54ab23a454346479e83e9da9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 969f8a97e006855c2cb78fb9a8290d78
SHA1 bff5eefd6b64b4699d6a99d10f4fab61f1d958d5
SHA256 1bf45b120c884a78a3612c6179ab74b326037b7fd354c822c96750fe37e2a429
SHA512 08eaf7f67f0aec1e8d0288f72abfec436e0a76ff47d3de828010dcb3044cbaa1ada98c6c72c226ea35cb563e5bdbd118ed840fe17d98837507391f597f58ee8e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cddf691c8379f8195e05e875c7971332
SHA1 69649b7e5eaff49097de7e850e5ac2ebddc7e675
SHA256 e29e895ec3ca7eba2c8509b181369668fedf19757c0f1a05c5fddc444b349d84
SHA512 288543782562446de4484f7d723b00f9b97a429fdc7e0a93937108bae8635de6c66309e11062dd24d18434ec2ece4ed3da10ab491da76d340564b722406e07da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 802d98e33bb87b820dd855732b381ea6
SHA1 13e77afe0c0a1c90eaa8f2580f42f0c5b4fc505c
SHA256 8c0916c8fd33e9308c6514cd96d7fc80e41dbe5b888118e6d2d48f4a92b054a1
SHA512 101474d610bb6e07f95b164ee80e8529f2bb371d9af323b98e1281b60d7b56dfa259602de82619ad8d309b789950a26e77c390f2bab9b53e817243030a4f6e1c

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 19:20

Reported

2024-06-01 19:23

Platform

win7-20240221-en

Max time kernel

120s

Max time network

126s

Command Line

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\22Soul_Top_1_Yurrghurter.pdf"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\22Soul_Top_1_Yurrghurter.pdf"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 573acf007fc212a908b907654ba3ed5b
SHA1 9e7596cc4963683a8625db02f5db903d470a1c0d
SHA256 152a8d7434400ffa1f8a9afd9037020ee9160d391605458c0345b4aa9a52356f
SHA512 814462d91de583171433d073d51752dda2aa7026403efebe2ff130afd4f93a5d334af7a5a2be50a0101562d559f5104217761907115ef2390f755f752a2b1227