wannacry | hxxps://github[.]com/kh4sh3i/Ransomware-Samples

Resubmissions

09-07-2024 10:32

240709-mk8baa1gld 10

09-07-2024 09:33

240709-lh6t1azbpf 6

09-07-2024 09:29

240709-lfzmxawhmp 10

09-07-2024 09:25

240709-ld3xjszajc 10

Analysis

max time kernel
149s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
09-07-2024 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/kh4sh3i/Ransomware-Samples

Score

10^/10

wannacry defense_evasion discovery ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDC4C.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDC53.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 4 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]taskhsvc.exe

pid process

1056 taskdl.exe
5564 @[email protected]
5708 @[email protected]
5188 taskhsvc.exe
Loads dropped DLL 7 IoCs

Processes:

taskhsvc.exe

pid process

5188 taskhsvc.exe
5188 taskhsvc.exe
5188 taskhsvc.exe
5188 taskhsvc.exe
5188 taskhsvc.exe
5188 taskhsvc.exe
5188 taskhsvc.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

2840 icacls.exe
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

9 raw.githubusercontent.com
12 raw.githubusercontent.com
22 raw.githubusercontent.com
47 raw.githubusercontent.com

pid	process
1056	taskdl.exe
5564	@[email protected]
5708	@[email protected]
5188	taskhsvc.exe

pid	process
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe

pid	process
2840	icacls.exe

flow	ioc
9	raw.githubusercontent.com
12	raw.githubusercontent.com
22	raw.githubusercontent.com
47	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3119450053-3073099215-1938054741-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649910226208983"	chrome.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3119450053-3073099215-1938054741-1000_Classes\Local Settings msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3119450053-3073099215-1938054741-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.WannaCry_Plus.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exetaskhsvc.exe

pid	process
3804	msedge.exe
3804	msedge.exe
724	msedge.exe
724	msedge.exe
4804	msedge.exe
4804	msedge.exe
564	identity_helper.exe
564	identity_helper.exe
1400	msedge.exe
1400	msedge.exe
2224	chrome.exe
2224	chrome.exe
3200	msedge.exe
3200	msedge.exe
1188	msedge.exe
1188	msedge.exe
3580	identity_helper.exe
3580	identity_helper.exe
3956	msedge.exe
3956	msedge.exe
4064	msedge.exe
4064	msedge.exe
888	msedge.exe
888	msedge.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe
5188	taskhsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeCreatePagefilePrivilege	2224	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of SendNotifyMessage 38 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
724	msedge.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

@[email protected]@[email protected]

pid process

5564 @[email protected]
5564 @[email protected]
5708 @[email protected]
5708 @[email protected]

pid	process
5564	@[email protected]
5564	@[email protected]
5708	@[email protected]
5708	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 724 wrote to memory of 4532	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4532	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3896	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3804	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 3804	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe
PID 724 wrote to memory of 4612	724	msedge.exe	msedge.exe

Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

1008 attrib.exe
3248 attrib.exe

pid	process
1008	attrib.exe
3248	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/kh4sh3i/Ransomware-Samples
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d5c23cb8,0x7ff9d5c23cc8,0x7ff9d5c23cd8
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
2⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
2⤵
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
2⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
2⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
2⤵
PID:1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13184888772134661553,11174952032467838368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ff9c388ab58,0x7ff9c388ab68,0x7ff9c388ab78
2⤵
PID:3588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=612 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:2
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:8
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:8
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:1
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:1
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3484 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:1
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:8
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:8
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:8
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4360 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:1
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4924 --field-trial-handle=1920,i,12093886809046986315,15068825398954528345,131072 /prefetch:1
2⤵
PID:4756

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d5c23cb8,0x7ff9d5c23cc8,0x7ff9d5c23cd8
2⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
2⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
2⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
2⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
2⤵
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
2⤵
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,8769859457189658510,7903113047821322950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:3420

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:1008

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:2840

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1056

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 64681720517503.bat
2⤵
PID:632

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:2324

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:3248

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5564

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5188

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
1KB

MD5
c67677d841e5596910f4787e8f3c826b

SHA1
04451002804fe7961a594d1d55f09e6aa634196f

SHA256
d2a3e9d00c680e1bcaadde2c2b9eaf1e0bdd8a5e4a9caf6e583e77782f3960bd

SHA512
a9796379dcd88b6683a512a652c9caa93aed8ee6a9e06fbb7cd68648f0457648d5a2670b3ab782ffe02f4e28f70a13e9585b0dab43481e4af89ba3398758c3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
90a846deea078c459ee657ec680dbb26

SHA1
c5e58c2097a2bb0947575e688d20b63b0d00b9b0

SHA256
5f9dffa4f1f1cbe2c229e0951f237bdb9361c04e6840bbdb1fdd8784ce078e26

SHA512
ed06574cb570b7d4bbdd9d8ce9bb6d49fc7966cf49342f096993132f6cd15fa109a9e1feca036173ab7be1d70d9fd3620f3300323a751221d1d1620427a06693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
113cb26bcf45f7e7d246924a31c87331

SHA1
155451a0597a7a5a854726795fdfa764ac120524

SHA256
2f206fcd9ca1b75c313c19b814cafd9e5c3a260850a0341245d733a0c8184f56

SHA512
46aa2aa99da819722b3adfd81814cccec88cd161470356664c9dc446300a08d8b7755421cef0a172e1c4c4e3499f9cf9e4b5ce0cf3485c5ef0bf79087c2956f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
95b51ccc3b0c7c70989faf2720929404

SHA1
20ac3858f0b42df5a327a98ddb6da1212b06ec6a

SHA256
b76352730203fa066489957833b08c0369d6698df66176aaaa52732d7ce342ee

SHA512
a518b34a297477c96015b6ab67e9678dbf8bd7e9e623315ace8b09a336e439c9af387d9f376e948860c7ed6168ef43b6b466ff83382d1f8047bc208fe58c73d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a549d2700f36b67c5568aa4f71c4b9a2

SHA1
61d04ecd27a1aa5d2cf625d15f8e3b1a43d047ca

SHA256
4520ef78c371ac63eef03c87fcc64a6f6ce8a8561ba26f53d11394b65f26e0bd

SHA512
19919ef3e0031ce5d32cf7615d2eb415b9648388716ae53f5a4701d8ec3492bd9659ddec0af5e040dd6c8d5beb860e9a82dbc251b86d7d93578e51ab363d751d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f95bbbf528505e0f78a24b6f7b3ab23b

SHA1
ef713b37d4a2e055e2defb61e852661e4311e8b5

SHA256
a9d7f431ddd2c15e02d959387b3d1683b788660bc38f0e704222d2ac1db26c41

SHA512
2c772c4787e1bb9e1c56d6561f21207fbe4175e3740a679cf1537bdf262ec1af9d74078acd57319d630ff831a1ed7853dc504ad33bb2f3f39faab35c677c7b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
663263e74bc30d5bcd1a1b8384ee68e3

SHA1
352583c412c6e4facf7140a0f63a63194eddb587

SHA256
96007bbd3be198d4495cade4acbde9d4f6073181898224856af587acc65a40e3

SHA512
80879a3acdc160cc19617111497102dbe5251a9a54bd8e7b03e2494df0d780569a0eeeea4d4d7f726e70ded641f1b1a6b0bfbe8c0c86238eec3434be5de5b6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
170d522bacc5befc7e0f7e5e94ad5408

SHA1
09df0c8920e21062c9f85c29c8aa173eb9e1bb86

SHA256
681a89d48ca6f5f9a10ffe22f9aafe091b6efc397cf019ac61f00b7ed91d65b3

SHA512
e8ae8cd3bc6f6de3d33ef4c1e6f42d93e4715a3320ee737fabd3973f6380c5e867168f4d8de67ec2386f9b29ff08baebe2736c29ca396126467a463796d0f856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
62687a85b34999c78ad66da51d5770dc

SHA1
d1532af87678697276bea95a71bb116f967625a2

SHA256
bb92ad570e181c6817670737ce346a149b8072030fc4085e1b2fa976205c790b

SHA512
b0cb22dab61b70ae97ea018e7ed8246a63fad7eb6e9824eb9992b1ebde304410e11388163ab85927f25f8e7afc95750646a4bc040ab6cf9080682e300b21e41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e421945ed9a88e17e542cd5934c449d5

SHA1
91f321eca309262bde1395105dfb06c223922197

SHA256
160e1d70d17384eeda6679df84e7c18c1f91f481a61e2136decdd336b5edd9cb

SHA512
69ec460dd3b9cb0fe7fbc38253b10bd5b534bcc4524a04a9e1d62ceb2c29f8c5c1a7c8212b4ebc6a59b9d841866660622f19286ee077e606b60a616f0b94a813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2eb49fcf77e532794fa860f4518b331c

SHA1
816af9d0bd2442006997a61a0bd49d9cb35dcc5f

SHA256
8d5c66c10bd6c11f3136ec5f50a17401ad27acad96873d43d7e22f965765070b

SHA512
7d563c729f5169298bc4e452ad96e0ec88ed3cdf336af95619446d0885dd202823688c28aac5c6795f87ce2dcdc202415b356dd48311143386ea091f5a9f6305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
ae7b431e96100e3ff2007133e3d0b6db

SHA1
8a6f0eddcd0dda5887f68c30b52902722eb784d0

SHA256
a69e232be7c8af6dd102cbcd7167e11d07b796da8ed2db0f449700f462064103

SHA512
68b4e8f57584cd835f095b775481a45adc4060162106256d8f59a88b06a5e139999b48efbe52a610dd1a8d9be2ea83d99d9739f29ddaf67fe4ca7ca4d8099119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
b823722a9e05e9595a87e8d177ccb927

SHA1
c20e60736994368eef209bd5ae5094541aaadf88

SHA256
dd1df944e64a9d897131aa5d023ce5905c074ad2daa5fb96e553d967bc355741

SHA512
765b4f29a6fcd728d3b0c2a6e928d7149eb6d313f1f2de43ac01ce316061478dc47862d691828ead34d1211ce53862ca514b5371b44ca872d9cefaad33596db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fcf9d9f0-a00f-43c4-80e3-b0e229b625eb.tmp

Filesize
284KB

MD5
0255e5e20bdbde67b2184bd5076aa31a

SHA1
ccded7b1ec084bcd60e1614bd5f40b87e1d6a511

SHA256
e284ddd88e6c8b7aa1408e2fff5d171cc56afff3a4b7fb3f5c6eed0afdff36c9

SHA512
f9e8dc7f8ca30bbb9a605abad0b0021f6a2dd0494cd03bff3f511032d6bf711b23503d7a55d4dee04c776397609b6fa9e7f511e7f59f69d750b1997db77b771b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0176e968a02096540e4a096219a8fe34

SHA1
cd301ea619d7c92daf64446caea1f1293da48373

SHA256
f9319c68cc75bc8e334037d946cc89ad65605606c1bfd12a2fe2ebd711b14067

SHA512
b6aba8640823d43f8968ff31a2e5a48b6f6def43ea6f83cef801294ea1ca9eb1fa16cec516893485b650d7b4407e34536b380712fb72bc9da581cc2e1e0ae2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c1de55e8af0859bea07b6af77782896

SHA1
d5efde7bcf31d692d697ebbc54ccd13fb3624856

SHA256
130afd8eb97d11640a28231e9314983eee9eff75964c93abd71e84e6412f710f

SHA512
9664d41b0b1767ddc4012318fca427edf9606c525f868a5ba98e5987bf5e71e4710dd19a0ed7223c706588b5803f3b118ee949c51d6fd99696049befff5fd510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
89bc2e52ba07b756ef20fba420e8caa0

SHA1
776b2104493ab05e5974fb47579c570dc3ec692a

SHA256
18a6ceb6a2e1018360d236f01343cd1a115341105a203a9ee9fe07e5204ee503

SHA512
2597897df075220fa5528e4d2985baddc8c05fc417a045f0c89eb75f9a489da909a34b5e2f6e989667154226c2a43dafc57fe50375b4956f8055f68953b92bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3ff142a3-2026-425f-9466-19193e513b11.tmp

Filesize
1KB

MD5
9b34bad3a50b81b60bb19daaba2a6ada

SHA1
0ec45e137941b10eca71e870e66388f2bb2353fc

SHA256
497ea162d8e9183b989ffc63cb0105fc0c0cd4ac9b4e96df0e03144551fa6f0b

SHA512
74076ae94ca3d4ed1831d0d8bb02524d1591e710d250d9e55b9de1e2e35230cbb0b36f001704738c654f0f67f507c840850f12f8ad957ef754e1958246461465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f54f078-a960-4e9a-bea1-58e4c586e58e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\79f03910-8f5c-423f-805d-1c4c8f6a4603.tmp

Filesize
1KB

MD5
a8ec480fba2921d3835d8335a1056f96

SHA1
7bdf82d7f1e5ef01a0a1f4d0010dc258c20a631c

SHA256
cf32d6e1709ee05d810ba5df016c4e4ecebbc59d23dad7578a442d2359d940c5

SHA512
2262535e9f8f7cac58c2ce0a7ff829c1d94a94dfc9dffe3bcfbe482b5beb475a8070541eeefc0c97cac5d61a4817b2473bc67e26547e852de6033f9428980bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
8b8c153be796b80a43a317fabde6789b

SHA1
b83a0981b8b3429591c1cdbb07c7af02b22aab63

SHA256
52a30dc3e6b17e75b9cca4e4be32f60371d2e9684818c04e5d1d21d3ad7212cc

SHA512
3c9f60855fff23501f00a23d3aac00aec4b3b5e1a04d2e0c72258a2b51deeca9429f30a96a1bce333757f39ed2a0926bde66eca9e3e4fe415b162cf66d031480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c89bd0d606b818d449886dd3834b6080

SHA1
ea51789b3c63c1d9c6ce012d55add8bc6a453716

SHA256
26d475eeac349546be9d7e53e49fe392819598ce996f378a263b760dd27b3bbb

SHA512
9d97bca348482235e8610a730a0a33a23e96f57fb2c32495768cf978809025f0e256f80990dfacc7764b2ccfe4cc41dbfc4fae3706eede22fdc4fb60d06c3da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
5b61677afa5c83e2ca9fa3663e928a9e

SHA1
bf6f640192f18d322ecf9f2301e8e92ae5b6edde

SHA256
3ae34897bd5609237fd909b65454ebdb8f591be755802a02d08fdd27ab2282b0

SHA512
0f218e21d426cde4d8779746ce98ed22aaa84a5f202f8c81b2d530fd486cda4d50cf726762328aa9fd386d82b8a95306efff966d1416a7f36616dabf31feedd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
f91d68aeb1daa3c7f517feead5f149fc

SHA1
c83420d39ccf23ede69c44d7d4e10e8e7935fe5c

SHA256
15468cd5f16f07e9e5cf3ea20b9bbf72b1b86e64b781a9ad6b7016984cfa60c1

SHA512
5a3c9e4f202427aaaec9ec0dc3c28a022637ad52923d44ab027db1bf2d0ec4ffcdb9f9374d8c873e7bd9d51ed9bc479902feec00d7e9e45914f9f7f172fa1ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2622231181f1ea011cade38d4e54472c

SHA1
f36b9f994bebe2ebf55458bf91ca82592308d669

SHA256
1ffb178977fd211d844312946b497ea5c95001b7ac14179e1c0827e4924ba9b4

SHA512
237efc17f2492e186f4c43ecd8296b9cf4dab2fc6d70f8fdd1bd2651f54bf9e269963d21f1298d83323618ad498ee2cc656d0812a6a63a73e1985e6d1bda163b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cba84a2d7baaadeb6336a807967aaf79

SHA1
c4111268d84310355a8ccb18e15ca52af69ce3ee

SHA256
939afa72d1f935b2beb6755f1d88dfc9f259cd2a945b5d53d90cd19cd9dd4093

SHA512
09ab42b5adde7676a335d2ec0a3c533d99a502876ac5f81d5b28e1742528de175db31275c9108cb02907258cba39ed1b90eb88f355e09ca9ac9de4ce97fe1b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
68c2e3a478a5db46ac3ac8bdf2793b8a

SHA1
8f0453d3934adf92cd7dc654281d32e3c4af03e8

SHA256
53c061893053cfaca2d705743cadaab8e22a84276da797d1427435a05d83e0ac

SHA512
57100b534d64c2a885eab369bfdf296a784536f383a440d54a3f6a4250a94454363ae17626f93f1707b24cddc4d4d001de6ef299eeb78a6e7fc6fc11ccb5f483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
d73dffb863a90aaa45eb1599ea885b7c

SHA1
76eb4bb147d0cbe122961555fc2dc97ffbf337e6

SHA256
c5afdd9964f471d016456015c92dd9cc23d8ae69b0a8868022bbe69c2e9edd8c

SHA512
d70395b0b86c0ade69c46f11c2047fc9d8afda0135ed247850619fb9aaadd2fce48687e3b8ed4fa4c5d3de3f9b6e7c86d98c1271fc8380afefae3da8472cd240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
85b9fe43be39609c470e0c0576abee64

SHA1
e3b41ed4a71bb0dbd0eae13fb82b7441e8c44c15

SHA256
ad08d12467cdefd3ff334908d8fa62e589e7c695f8b62157cb9eb0142d576e2a

SHA512
98a0d5871cc8c643d85a07bf1c40160263f28a7a08952f25c3a7e877360a5f20915a4fdc37fee369f057cbc8f0f6909e2bea0342d606208dbcc2cc1d1b1eff24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
bd3faa3cf2b336010cd29fe9540ee0b5

SHA1
fd85fc318e8dd6df7c71292a35b82bbd76b54daa

SHA256
55278af63aaec704816735b4f67da0daccf346ab2fae40f225725863742af70e

SHA512
1807ffe848d789d61d27ba912e75ce7ac940ede11e5aff6c9a3b9ae6487691ed1fad6e60ae7580f5b5f127278d83a43ff15517091ecc26b8644126ac919df3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
8e66cb53e66ff61b7871d1ab6d9c4944

SHA1
254d088098957c0bab22f629f74370193cb7b334

SHA256
48e44f56e240eb167b8d95ab10a7b00bcbe80cc91f642c4fe5d66deb8da92ad9

SHA512
26c61f37db5696040ad3e3de15b82aa7d51ebbdad4107361ba4dcca59c01fe7f54cbfc251e0249e6f4debe325e39b8d1ae8547cdc91ea8dac67aab3b75d889d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
41fd12dccc7e727c9a76c0db0a76d1bf

SHA1
6caa2659bd8623f13dfa201342b3c9c4baa88f2b

SHA256
0a3470dfba0f8fe15ec9c198a513b56aaef1931981a00e2297a1eb9bcd696877

SHA512
5cb64a74b1d4e37d52d5c07ee4d42674d776d78a5664a7fa54a9f7c7e246a7cf835144bb9ae553d491fb28f09d18a22f245e1b973fcb234ddf8657e5375f595e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
76ce25dd0003895d216aec011fd48815

SHA1
82b7e4be21ebef67d9fe1b9b8025961da5a45f9a

SHA256
c0098c46f84c08915e00ce0dba99fc5c119a8b277d1525335207466a7ce2f9bb

SHA512
7926cd52bd8cb212c621ebee307fb85584c8f3b565daca95eaef7c8620b68d567334ab8da6b041ff975183fb984d73a84a5f0ae2b7a51c2a60a58a38cdb45f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
0a8a7c3dafeb4ad3d8cb846fc95b8f1c

SHA1
69e2b994e6882e1e783410dae53181984050fa13

SHA256
a88495f2c1c26c6c1d5690a29289467c8bb8a94bf6f4801d2c14da1456773f90

SHA512
2e59b4cd4cf6f86537aae4ae88e56e21abcff5070c5c1d1d2105a8e863523c80740438cc36b2b57672bc7bb7fb9387896135afcce534edfd4697fecf61031a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f6259851dabca2e62481f89843f1039

SHA1
de5ebf149b612719609283047b831b83efbab7bf

SHA256
5a91155b0c350efe31b9458de860812214931c929b33b972ca729d18ba14d367

SHA512
04b0155ada18420665caaa15646ebbc2476528e1d61f852974d917942234e8033d94fe6dcd1325efadc8487197834e7f3194ba30a7f7184882b8a4d1374cd4f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4b72af95754df2739b9c7b0d839b626

SHA1
fe7a9184ac2facd7f259792676d267b2c1d21ab5

SHA256
f2249e9b78f526d9dd486ed160a6a1c5e0c647ca280ecda91baef3a677fa2f35

SHA512
2240a1c551b107ed07c64e99a6e5018ba3bf65b2c04621f38d0dd29d7a5760c15a52654833035e13bd9aeceee9b6cd2470ae1941386a0c83eceb443bfca4c614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7408c88e5349a66a7f688329a14f6fb

SHA1
81528643ab96ed48f85140a2a299a73835d9a91a

SHA256
597af4fca6b295ef9cc2ed9e3db6b861abc0a172d2b054c9d8ea09bce84723da

SHA512
458dba944fd4c98a7a91b8c927fc56207b75e365e853bd6bc4d423b43f2700a1064bbd99240fea74b49da61db246a18ef69c1d7965cc035214cf95dd281ad2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0203ceca008c5c76cde7c4abff5ac210

SHA1
d83204c39b91247d40c0bb3b25845a545140eb03

SHA256
3ce01525a8d66aec721000c9849ebcb7ecea5fe27d6dd8e6f0cfcc5ece121be6

SHA512
e23ee819f56c28d22056feb36f3d6e241a8e695d5d85ade06ced1a35568fa31e9906ec22f7b38e6be4785e4200d7b4434f195a2b467b5326da2fa624956e8f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c924eac6fb38ccb7d56382a9c0691bf

SHA1
d4a220157d14f8e45eb3b8eb3064d3573c832e69

SHA256
e3e9bbf217c6d2d683081d6867a6c27c0a9d29a2a501192e11134cc184329fae

SHA512
c85dc179b804d2f3adb9859de0302b4b5add29b2118199d273260d271a8d719284b45166ef5e46ea8f952ed3dc82f876e0dd08c91e5622f1357b87d773702467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67302d0fd9e4ac6d1f8a70cbf8d6c060

SHA1
985f29855bc7b110b5e35b02d7a2bbe5dd385d9d

SHA256
339f7dbde01155579529a1e9a5960e08a192e7465e13fcab960a2ae583b4426f

SHA512
07f1321158f6f28cb95f3292483a585e1e749c5df061d7a1f84f480b71b8c9f2678cd51f4a5957ada78a76eebfab999d4c392596d7e0abdcd49f246b5d3f570c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d90d047d09dfa7a1bd07973115c5d2f

SHA1
8ab181a708eecf1a37f0317135e8cb57ba0dc3bc

SHA256
8e4bf2edf47165c15a0e636ac45a21fe544bb9c5380f71015c85cef14ffd0a6d

SHA512
a0da38b61a7c48ec034ae2eb92b19af3c0e956adcfd899897d0c5c7c7d13d68d4174a62375a6761101af03ef5ffebf9333f0ebd91e80796d2ddd97aefc77c772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
62a722109be45aaceec1d8b6fc7356d8

SHA1
c4e791a9344ae8ffa08814bd7465f88805aa142f

SHA256
08fdd540136b9b4abb80a07c3b19bb25324f6c4a63c44a1066abdc81291aca8e

SHA512
6eff9ce57324fbefd16e22bb09a7ec786b16baba3b2c4cfded27a3d973fa34dda3b422089f22df4199b9bbd73bbcfa1b16bb14525b905503e62f416e7687ec9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
55dba038c48e3cddcd936a1d8b41e1de

SHA1
ec1bf6251f5071ed108efb3579aa1c609a99f31d

SHA256
9381838e680d89e95f219dc0c1b646fee79a4c485a599b298ed97e3e275f0074

SHA512
800d7c2aa4072697ea44d8ed404265712d6e4f9eca66e1555faa03ba329cbaee0c8a17a1d0758d24c6e44ff37e9282a96d35c2636d60e9a55c5cf626312f258b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364990970276439

Filesize
11KB

MD5
86db099c423d0df63d2af8e9088ead4b

SHA1
c6ada8bb0d5ea36d18cc7790aeadd1876ea3828f

SHA256
082b6dbd468b9fb1d9849234a1c2ec2659a1249f01ebaf49ef08be5e1569715e

SHA512
079450829a82e27631da86ccd44d8892ce50ca5deac518b58d1707bc7245c31ca1e3084ecb9cf883212f857032dffc01cf10144d7b3bc39a702003eb8acbb314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364990970587439

Filesize
6KB

MD5
58cafc59019b5a1d0512393207d2791a

SHA1
c18d0f98eaf6b46677ba0f2a03dad04475a07821

SHA256
b6833dad3995cb478d30f8d82d0871aa1bb9def6b6aacf36eeee2e86022cd14c

SHA512
c20fe4001e80e59113141a2ceaa1662929470c4bd7bac48f542c148a997e1c3cbd19bb7dadc25a1045736685f2d4275dc4aaf646e5a6f904bd9cdc23a206d4a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
4912316203f633ffc95ed4e93ddb9dcc

SHA1
eb711861b475b82d2925ee4d8cc9931a4154d82f

SHA256
50808f3e2504e5845c476d74bc89671d7d5bafe1fe91c47a0d26b2fb4a5127d9

SHA512
d59dc707179d2ece1369b565ee8cc17169bdb3b945e8f5979d5da994f196ffd24c24db057dea9c461b19b42b36a1d6a146e2e011a452d8ef88fc6734d7afd201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
15f06c37b8b0014dbb5c9622df0817f7

SHA1
b878ba805e564b5644c9e8cd73fc3133848a736f

SHA256
75979b99de8ca35aff753ed9d20c14e8f322e935b0dbb5123f5a132a77e0babf

SHA512
9b6d9cf561e16b7188b8a5b33ddd15b67e1d83d0f47a03bea9910661f0666e6b70b65ed4a124ef4c757fe27b13b9520e329f7614eea37171faa9008a470b1f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
511af3f0a6e5374007935c577bd910b8

SHA1
3e1a2383e17859919650677a49169041e607ba17

SHA256
0fa4ba0df51f618096df804c9c3e3acd27e9fc14451232117fc47f8c57b48f91

SHA512
3ffc8070c29b4fbb91fdd5c302b32c14bbec191f104c3c20e5ae642b76ca4e420d60d833f571a690ed8711166dc5e2254a4cd80c27c0c052a065532e6573db59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8cdbf9e9842d12231952985788e6b3e4

SHA1
9e388b6bb06e025eddc553f0ad0131fbac3a50af

SHA256
460a18fcf1de731c6925caa521411ee687221d7988aca261d39bfb8677807f04

SHA512
43d188155311707e40e6f80b1401d9d595be68839339978f1423da503dc20d55ef3ffd5ade4e8a2979028dd1e2467398b199a8629a5b05889cfc2a813d8da9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e759a5f003e621eea9001cb36b9f066

SHA1
ae386b6d9195c02b433eac330721bb6ccabb1849

SHA256
fd84bfb15e857d2a05a08004ea6e0d061d65ebdd2857d4a4007d5216d4c712f0

SHA512
6dc85c863ddbf8c9195e50ef6b70c9047b50f54bcb52128f17bc7c0ab430afc6b1f3249442957ad2b4862eeff6bca112edc4d8c6f0d2300ced7113d77728ece3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58049f.TMP

Filesize
1KB

MD5
10fc8f26ca174f97a6adf9a5522b6229

SHA1
745cf247577c075cde2d3ce0bc5b36072e719c1d

SHA256
04622307c0eaa315c3a14d50d04f0ccf816fa6e33578ff62db89922cbc0234e2

SHA512
2ad1e9c8a4c0d446a6d9a9f5f6b434bd4fe2c4a5ccbb3f827ef0c283621820cbf3c5d7f6c57560ef22d85d0c45c85b1d4081f2fddffe5c0f8e05ceb5bc8a741a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d92eb8097f0f4c8edade076b13a74333

SHA1
804f7e7a32faac9f4e44fd095ab79d9894007625

SHA256
b0e1568be92d6d39462998021499393fc25e6e08ef96c9b80ffa35b2fa6a0d14

SHA512
095e57322f583edf643fe470157d44cecece65a62e4f8e4c478178d49a48d4956279077a6395060eeb05a9b11bc61db492dbfd3ea8c40feb3a2dbb7899fd458e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
100cb9cb94cdd317c1d6346ccd988147

SHA1
4878e4b04fd0132c5a55406cae1a8cc2314e3203

SHA256
bb150f909d2e6e8ebcce70cb089945881d39f85cc85e6b75e45fd408d043e0e8

SHA512
f7e7bcca1bf8b641f082ac1663d5dbd007a0bfaec446bc925e430e393a382e0db07751c4147a4631cbc1526e2656942b08930b03a3484ae5033611fe11277206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
7893e6590951157fd0d508b79d71b65d

SHA1
ced018a6b5ea7d1bb499b42e531e5963ea8ffef2

SHA256
96561e9c54899efe6887270d7f2d943d4296caa25d8d4414d42aa2c4625ef021

SHA512
32b67444f5189afa307537d3ea801ce0d0a0bf99a74187ab9dca3914186f059fb8743e2cb8f5bf7f06fb780c776d70dfefaf823eb8c2a8ac1c4d84fdd7ae931e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
095c830e8b4efe9262d17dc37160156b

SHA1
56f8cb28be203cd2e560f8322cf40f772b48df3f

SHA256
708fe5bbb17a63c747ecb36037f38ec9fd4c7257cc78d79d463d34f56f42f0e2

SHA512
09bcf0fe32d3ab4504a8f18b0f9dc237a2a23b80fcb9c8930ecdd63f8abf95aa4886a97b6ce39ed7a29cb871e8bfb3ea9b5d545768fa287ad0fc3cad60c59b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
cbc17bb48b28c8d0752a359e46e926d6

SHA1
c9b5abde39d0eb13d64225faf38e43c6dcf7f542

SHA256
5cb50a22d12ce65995c55f6a490ae995ac850cbf8caac58540f01ce8db40c19b

SHA512
f1cb51a1ca1ab0d19633ef07879e5f58dc1394168c3003bcdbedbc5968a9bd45e53cfc48a35951dbc9b15e62c40f64e5cde8add60784e70d17d5d5acc059e89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
5771e138a76824bb02222c700df53e6d

SHA1
297273ae1f7c599e11edf32f9c47221745bfc46b

SHA256
d10242318bbfb0e844e8d430681b7a9f42f2988ca10721521e7a85584bad394a

SHA512
9825e53f466d2885eb09a60813f0c6a381804d6431cf18010577e566cfb34f23877c93d8c91097234d3fbdd51cfbf09bcf08fa9113cfa98740ad1beb61294199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f2846069f0cd8b0bdaa2bb6c3f88e6e9

SHA1
ed64ad185504ad93508e308b9a58841b6b16e8ba

SHA256
92e588107fb7597dacad646a52048ae34507b13a092edc3a986a0e97240c15c2

SHA512
c60399a41d24b7ad999fd5515dc57670f5ae6a92ce04fb4829418be04994f052bd28107604cec5b826540d297d568b6e08412eec1ef0acfabb6d587f1a641ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7eca9bb19d423d002b082f4225637ef0

SHA1
7a766fe4907891e882a60fe7f0be6e382a02cec8

SHA256
a2e25bdd6c610ca615456a131c31405e54d2781e554a96cc7d52397ebd1ab8fd

SHA512
621d268d252711ba1cf3190339f59c51a3638c247128a46274de0eb76a0f696e9c50a3903bc86c03efc1c453f8a8a61f0f24eefa185e621c1cdd5dbb53fbdb87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
2c408d427d0897841fde2d15bb413bfd

SHA1
76541a3063b7164a8deaf1f910192e46846e7e43

SHA256
8168499ac047d8fefc70961ace131b9470b908d88b7687971d329c18712bac4c

SHA512
45455401db1336b42d2ed9fd85dbca4d038fdf59d0a02edf0da360611228d8229e06de5c9eb5a458fb2689fd8e965ee5401fe1bce4e30f2feeb33cce3e5dc423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cce9eccf6de7b646032c34fa0f7b098c

SHA1
b0b357f26b5c4c7bb0ffcdf38f95751fc91a3f04

SHA256
2f41c190985e76de7e899a3bca61f8f1c88d9fa89f658253ca3bc8b94a25bea3

SHA512
b01595741de8963877c6efb9639d880fbd08161594d05edcb3253b21ba1f4c7896a8320aca4b34f23fbaf648e99990515071fc256f0a882b2fa516a4f4e5355a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cfbb08e9b72934795b02f5e03507120e

SHA1
b2b4f758ee45b41e054cd1f971b5c9aaa13ac143

SHA256
3b6ce3c537ab5e41a61e14c2a1f594f6ec7b3a918c30ee8f050f136e96e91a8b

SHA512
fcd826f6df4c1d613909cfbe68d2fdf8d2012133718e53f37aee69ea208f7efa271d03c78af8dc2f92b76c45ea500ebe1585f4066e5fb450bc1047fee5e396e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25a9f93d6804af6733faf3c3cc7a445a

SHA1
1e3bcff3a0714ed080048b62f386df4093cfa5e5

SHA256
712cc5fa3e02672b00a0d36431447794da2a5071fa6ee5ad02908eb093f2a1c8

SHA512
84dadd1424bca70e1d8417e1d2e19617b2a7b5b5577af67dc9123f4c1677a19bd8504667bfb10956cf9f3c06fe16fb117999a783b550e752b5f377557cfcf78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
952fd5a4027552bd7b67143202ef8ddc

SHA1
47e1211c3fc78e8baa5e78847beb817dc8576981

SHA256
fa7177f32eff6eecabb472860befb40320025f9fcb3dec95d7fc515923cc31d2

SHA512
a28a8fa3d1a6378596b586e42c2f98b2e462061429132b5fa79ebdc92f6a0108236bfc372f38c53f4f55f0816ef73a59e72728d23e683a7a2d9f4e1e076eebb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ccd4c7da7055e01bae964e9d981536b2

SHA1
de68024791f80e0559a598c6670e7fcdde3b3c32

SHA256
035c42f8d06e9fc4deaaae92741776d5e8b483dc5a4c586c95c4e0a5011473de

SHA512
b59a40344383d154153b60ea83f28d52cace870001812df6f0ea705cc29102ea842cc2a5ab25cb8ef728c0aa8060e84f4e68975c8421408654ee9716f9a3f184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry_Plus.zip

Filesize
2.3MB

MD5
5641d280a62b66943bf2d05a72a972c7

SHA1
c857f1162c316a25eeff6116e249a97b59538585

SHA256
ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488

SHA512
0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry_Plus.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
\??\pipe\LOCAL\crashpad_724_LXUBBXBCACYGUGHD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3420-794-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/5188-2441-0x0000000073AF0000-0x0000000073B72000-memory.dmp

Filesize
520KB

Download
memory/5188-2442-0x0000000073820000-0x0000000073A3C000-memory.dmp

Filesize
2.1MB

Download
memory/5188-2445-0x0000000000B40000-0x0000000000E3E000-memory.dmp

Filesize
3.0MB

Download
memory/5188-2443-0x0000000073A40000-0x0000000073AC2000-memory.dmp

Filesize
520KB

Download
memory/5188-2444-0x00000000737F0000-0x0000000073812000-memory.dmp

Filesize
136KB

Download