wannacry | 3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae

max time kernel
1790s
max time network
1155s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27-09-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-09-24 2.11.17 PM.png
Size

45KB
MD5

578c76503d19e73f7a935cdfb1a4108e
SHA1

74644b49ebeb844cfa821fe70251f8e56ac6e112
SHA256

3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
SHA512

52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
SSDEEP

768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDB57B.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDB5A1.tmp	WannaCry.exe

Executes dropped EXE 5 IoCs

pid	Process
4012	WannaCry.exe
1612	!WannaDecryptor!.exe
4668	!WannaDecryptor!.exe
2568	!WannaDecryptor!.exe
6056	!WannaDecryptor!.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
162	raw.githubusercontent.com
163	raw.githubusercontent.com
164	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp"	!WannaDecryptor!.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
4320	taskkill.exe
4804	taskkill.exe
3724	taskkill.exe
3268	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719525300026978"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{6D40B560-4C85-4588-BA47-400CA8C61670}	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4012	WannaCry.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe
Token: SeShutdownPrivilege	4860	chrome.exe
Token: SeCreatePagefilePrivilege	4860	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1612	!WannaDecryptor!.exe
1612	!WannaDecryptor!.exe
4668	!WannaDecryptor!.exe
4668	!WannaDecryptor!.exe
2568	!WannaDecryptor!.exe
2568	!WannaDecryptor!.exe
6056	!WannaDecryptor!.exe
6056	!WannaDecryptor!.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 2196	4860	chrome.exe	82
PID 4860 wrote to memory of 2196	4860	chrome.exe	82
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 1260	4860	chrome.exe	83
PID 4860 wrote to memory of 5864	4860	chrome.exe	84
PID 4860 wrote to memory of 5864	4860	chrome.exe	84
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85
PID 4860 wrote to memory of 3508	4860	chrome.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-09-24 2.11.17 PM.png"
1⤵
PID:1172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fff6a00cc40,0x7fff6a00cc4c,0x7fff6a00cc58
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3788,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4296,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5040,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3248,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=220 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=220,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3380,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3452,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5236,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3272,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3260,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3808,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3792,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5516,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3268,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5764,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5872,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5184,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5196,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5072,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5972,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5996,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4820,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6284 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6308,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6596,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6296,i,12626473732754734262,16534054358453307489,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4604
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: RenamesItself
  PID:4012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 72881727479277.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1384
  - - C:\Windows\SysWOW64\cscript.exe
      cscript //nologo c.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:5132
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe f
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1612
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im MSExchange*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:4320
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Microsoft.Exchange.*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:3268
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlserver.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:3724
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlwriter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:4804
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4668
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b !WannaDecryptor!.exe v
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4336
  - - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
      !WannaDecryptor!.exe v
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5024
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6056

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5572

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9c4a30c9af4e13f5e2f78e83e5767e31

SHA1
5611b2135f64c0937345215f5914ea0677efa74c

SHA256
779835a6053d3d1069ef94667c012510b7f2eb23a85ce052d74c67db13bf8fed

SHA512
b4e021b7ceb63312b23313398536fda063d6fd1151868827ca53da30eccdbf5a1b4c6a4d672034477afb4ad3c1d156d0459e8a313a0b84db7a13ba4cf54414f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
87KB

MD5
db68ccda43c4688d073a648ae7817d53

SHA1
b1b2b17a147c4f6c2f2f21c2f1464e5a3977e9fd

SHA256
ca407a067c6975c31c2cf926c047810fad220d9b8240d2e1851f5be43e6b1dc5

SHA512
329fdbb27f2e63fd59958016c3aab385f37d22bb75bc1a0a51e46babf706005785bdb1582ec177fc8c29d703c1139f4d8cdb9af9e8f5c768137f856717655bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
36KB

MD5
dc43f05246ac5c212290f9db1a1e339a

SHA1
aeab2cdfabee1056f11f9b4cd3ea774417a471b5

SHA256
28528249399478c35c01363ebf06befb13ad5402ec2f290f2e8b5b5d6b617096

SHA512
5c7b23f366c1fc1331865e09911592ffc9a5899e2a141f4dcd09c13b9fc36a19be2c428966115b590026ef2bcb6dcdeffaa3aaa91f1a91d6e6cb8e4e15714013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
39KB

MD5
5dd1c1849fb409163e6eb41930234d91

SHA1
4ef14a8cc10c0ae11adda138255f4ca7b5af4fb5

SHA256
b0ce0de0bb281730cb865dfc5392f180b14934f204bf9668ae9fa2d4f6f40abe

SHA512
fa3491c472c7bc208b4d85643cfd0c0a3b1ad07d97b59c15c5f8ce213381c188e71f4a0351a8c3c26958f9a238b34b204c07b3885a012f39f411ce2173cab135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
71KB

MD5
7d349cc1777ff3da367fefafea14ad0a

SHA1
80f4cc647dcf2b58bfdfd9faf7739228d230d3bd

SHA256
bbca4114754f20658001996fad19214836924212a6a565b4323b10ee029f1c23

SHA512
0cb0dba853a3925cc1cc30b318820897b9b1532afb2370c7245a8a2032f308d47e49a09137b355ab827156b9096994722523ed7a2d20a75ece1f00f3763c4ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
72KB

MD5
2af556267cc2c71de595ea2737a26640

SHA1
e77df92271560541eb8c427346aa6d9920393f3f

SHA256
57c1b102f951c4662241b6d7d819f33fc6b7aaaf4e3d7bd3391ccb7875f67485

SHA512
c85cc9bf7e1b5ffdde2a5e3df68bf9d1e5736d37d1834ac04cba0200d6f549e13833025f4a3a8934d1d7506ffa60681bff52ebc65b77ad837d9e0b8bdba3d73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
2bd1e770cc7b5ff3980e43066fea68af

SHA1
850a4a589b7749a4a4ff7899857aa8855fa7fb47

SHA256
6d4571a5778552450a669db122080c4f08a4c00d802b93e178b1e75c02024536

SHA512
88dc55727b28da404005350ec1af9e3f8cb390829a22d83be6fc73f5529a88b6efd2702e501f7233403d67374b2354f2edbc8c88aaa8044fc707d0d178e8a53c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
6fe41455938734d8f0573bd02e0202b5

SHA1
4e2bf01a0fc9900ba1ed895408182b6f9d506251

SHA256
0f1a41b113181dd6f6b92153d6eb5491e1ff13b0324be79b2bd437ea4e2276de

SHA512
eb540b9f6d668b352dafb7bf170a29249b9bdf32e30029c6c8e3c9deca97e349afc5bad98cb925816f6100a03f53dc0a6f969dfa681a79b1756e0ebaf3053b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aed1668d1f2b4c866b67ef17717dee8f

SHA1
71f15c96a24e959ac2e6f1dd5a5c8fa91983fba3

SHA256
eab2ab2ea990dc5521fa6a4bd8656b7e3806f8f76592f69f277fcbc9e3320840

SHA512
c98fbe9db9c1cbe32480c73d1faa56aa5c35143561332aa8e60cda7722040a80fa14a157ff095cf319d40bb400082d484e271496b4b888ef9bc177d75e6e3e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
05c1111cb6f52973120b0622f60fc646

SHA1
b99151a2fe23ea0b88a4b1ecf305fc62c4c822c1

SHA256
15c5bd90341503deb181c1b204c7ec05b9e8c19b124b5a12c176bb71a3c2bfdf

SHA512
391a8ab06757e45e92c6accc7d25c1e5477edc102bf1f12baefd920d2b56a98db4e1a880659f8bc7ac961f70517321f257e365f923b312e61995abd5fcefbe34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f9b3d068fd7bdc8425f644ad9abf96df

SHA1
01a07960982037f85427bbda87154e4f29feaaaa

SHA256
f54e035a4b8dc237683783cd5739f0982210cb46d73f3f30242999958d7ee7ac

SHA512
a8f9c6f60cae570faddcef5923ee4ebe757f393d26dc7b76546605d52c0bb619e671ec6b980b7a269acde2ff993020fc7f95df476899031f036e0ad45dfc60b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
3e20ceab874352be47f90d21f15aadcc

SHA1
6775eea13ae16b18486fb7db36691830d9ba6940

SHA256
92fea0da39d009e0b9eb3f8f08310cde5afb6b53d4cb4c792303229ed17325e7

SHA512
b85c010bd0e1e2fd2d980cb444fd729815934266473b8ac33ac97dd2b6952561ed77c330d2bfe514d95848b4c59eb112f29638b6bf6b0a6c484d569213bfb6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
35c7e06cebb5ad6dabc63da80b5e5fa8

SHA1
4950c8e370d96a6fbfc66a0bc72994a1993603e0

SHA256
8e58bc953eff0e47c22639d63a9b620356c4674dfe0c1eee4ae4584fd04c7675

SHA512
97f54482a09c63c63e0d0132bf083be5442d906b9e70e981537f9e358f064515414d6a05eef31a140b85882c9cd0c3f6be5a7c2eeca2a35a7caac9d1a20960d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
05b5b8f6484e41f308d6d0faa25b6108

SHA1
4aa14efb6159ada4ae360d9328ca74ac9ecc60da

SHA256
d9f18bbe6a665dbc4383bccda0809f15b6efd5d00751375aab7e00bf85c609f0

SHA512
b7a2325f351accec39429e152297a9c31b0befe65bf09a4fc1628a12f803b2b622ff0bed514624c651401042041e0508121914b44b010e2769422228b1adc944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
711b09fabdf144ff09cbd0484a1cc0b4

SHA1
41ceef0caf751151239a13c71640ff2fee21b754

SHA256
f4b01e08087c2133f60b60c28fa6820a2760b4f132a680632439526fab7affc9

SHA512
a67d51c8828e608dfb3d63a9772ea461c0bd402e9d67cef88fe971ff770cbc398ac63a3b017c54ddc013f25be0b39b2a80358ff73810f78c4c29904e13f48668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
95873c225987e944d5da75a87c23aab6

SHA1
0696c93c60358fa1f05c3c249ae610885661e4dd

SHA256
3f2f4a0c50fa2804c1c28cb51b6c5bb8d049b1e149df31348f26a2bb2ccafbb3

SHA512
bbf50b9e59b0f2742a4f1bf391d86ba0bfefe6caba5e1fad105eeca666fd0d799065eaad55c291d6a7979cb76a91fdfe058c1752f8a43735fa7ccf6995555534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3d410d22c1eac797bd77a9cc47400497

SHA1
ca88e4a195ff6a38edf4ede54b3a060f444b3a17

SHA256
6e2e67d4b9a3908fb3aee24af476d0749caaa2dcf181ced123b3ebe1e3f2c472

SHA512
bbc986e01b62c8cb8a126bc2dad3166b040c8b84a145b482a94e49053e5336d5f09a19511cb3e099d49e3b3d46d944dc2db7c516236cee8f12fac9ddb95e4bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
8ba84f030c0d1dacca2e505644f4cd1a

SHA1
de2adce9e3a8ad36d218113a9e9bee3146c24676

SHA256
6fb87f2bf80cf8e90afb75bf04ff0445ef95d1bd2adb472c1ad58d5066910b55

SHA512
1c7b9bd2eb9ca245b9b9688a6e71512bcbecbe7c863615932800d49484e17d0cc4e23517a909ecbff52940711280d36f6fe03f526db377c1871afd8f2eb312b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7cd5752bc88a617d048c02403ed49366

SHA1
09061f7a2d9bc4a5936ebebd4e573522df69ae7d

SHA256
60be133a2f44ee52d0481db8c574cdcff3f4c4116508eb9bd2c6da3c9370329e

SHA512
df025b8a07236c6753865e3b9cd8e20906feecf7bc343405b7da697c6151060c1e205e951a33ff4b9ebc1946d9b4d624a480c9fb90e018a111064ad19734c9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
388020da95eed4ef68d7dcdfce2caec9

SHA1
bbfc0ab54c46f8768b30440663ef166cbab431e4

SHA256
853b7a5bb5c7f1b87e4e4a97d65c8102571889734e096098bd542fd02aa3dbf9

SHA512
1269d37f797725e3751309dc4ca7108539e5ff49095899bc593e4d1ad0e589a1ea44f9b65159a081f5a916867b8dfa514c96233dc26c265804e89eefa39b880f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
65ee221b5981d2c02ba156bb5d6e0693

SHA1
634b1f4912312012e294767434559d5e5f73fe57

SHA256
1d315edd9f4e12feaaca4e848ab814ef25703e7220ad52e709c9d65dd043515e

SHA512
1feb828ca781fc72f088f1a08de25758ab8c5a1d2df1022e69844cdaecd68217d98ccfc4b2170ad3440d82a90671c050060ef2bcf8de5708014d49ad6889f878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
01b1ec7e2bc97f2f253bcffa692ef2dd

SHA1
cb338838257a7bb9d036600c55b77883ef76ee97

SHA256
93b0d9273c6ec61eb49a9145e03931995c2e749fba6af96cb48275ce67f5c0ee

SHA512
f912c3846314bb3339acea6cc3bb1fd61966b26e818ac1ec3b45f17e7156ee478ed72d91c1eab8b643584a5b94a2b9c34bdd826d837cc8e9f9ac2c05196c4bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e5b13c3194e3837c3c7746984717ffbf

SHA1
18081899bfa5e72188e0d7a16e9249d0d79d95fb

SHA256
c665d9635d1183f56ec711d8a747a5e2f0edfc69a15cb52366f88f2d7005dc3f

SHA512
6128d2220f506c433cf40c3790bfea675359068fd421683eb2a551674fcd30db87ea428fc4fac3eb68a5b6337f160358a0ca9c558656c1532c6622223126eae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6af62029bef601267c0b0923d8ecae8

SHA1
b19e30d160ad7d097807364a921a9d3b2cb14a59

SHA256
96208a67e7e0e979022a47c9d1471f7fbe2d491f6967c5888bc1e675d52c7ca3

SHA512
f3fdca1af0ac745b7490ee752cd6af5a2b8db74e54044108c806ab6b59e5aec7801ff5f250bef992b84df735be3130b5661c88c90012f8a3e38609e05f2030c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c9caccefa5fac3f005cd70313af2dd91

SHA1
70cd54b6539b852bc8a085d28e3d7aa3d153350c

SHA256
5f0d023dea5d70ab45319973936935258e7750fb60c08d527b4ad59cfac334d0

SHA512
e86e3fd7e7e983d55667e9cce6873418b9b4847a4ff6077f3eeb0fe2a2fbc604a36ef39ddf17d86c9eb386bc608d5a6aca20ae4f668e5ffdd119da0e892c37c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b425e2b8ee970e6f13d4bcf789950b55

SHA1
999dfcf672310c77944cc14fe803434bbf5557d8

SHA256
5044691509f3d5a79a4da80bc88f22a01acf4380b0f7157b80ffc446dd383070

SHA512
1a37632510f7599ca0097499baef7d67fccf5b413d8edf43d6632df69751c139626b6e93ca1a500203a00d8923a822847775e7bdfcca3ec044ae810dcdbc7b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6197385fb09f1bdabf95927c2519c812

SHA1
e4254defcbc69b59ba07a6ced03a5600ae89e811

SHA256
f82f76ed32d8dd3f7a357b18ab37876d845471dba53b76141b1b90cf3d157de6

SHA512
11d79bf918e2a85856e99ed0b1f1b4eb4c7b6178009e8378faa1109b8af385d4aa64fb6af623a7ac1ddfa8ef9ee9bbf0f3a05ba5ea9938356738122140857d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e9ca46c0a57049af51a64cc7343e7eac

SHA1
7b94935f3f0ab86adfb673027f2291df50d069d9

SHA256
a3ee4ca32de9ebbca640e0618983cce0a891b452d75efe676df32dcec4e74488

SHA512
0c54eb9bb84bf9fc7cde99812cd6c025fa78d5ab8f24acdc2bd78942c5d167e6dfc3028a65f2491ceaed7a9c12456bc849722e8d9cf6a3753a085db5f640cd09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb7ce4dcafe0639e82e9ab531f9c2444

SHA1
a51eb2beb2edbd5150484dfb5f7eda893c0d8d92

SHA256
e67447c474e17339d04f3499e38815b8a9daf2596aa21a0535818f4846db3cfd

SHA512
123c43d2f7ac701fd00c6f0f9d646619cd353dc6149837efe354a6c079327314a5c4bad06329caa030f7ee055c19c004256f0a16ff7fc85aae56c28de842a9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c3f1bd3dfe3be62ff524649091c9542a

SHA1
71d64ffa88b72bcff1a8c87792def49287a81d5c

SHA256
df6bf71b58e65f536f9a4f66d7a2d4621faff630e5be851cd1145e1150e77078

SHA512
c1cc7059b650e7120677408f523c3accf2821b2503c308f31b1702aeea25697f6b0bef471c5ecfa8b5d597b764a49d5cd7fdc3bc4fcf513126bf0450bf17d704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
13005c099c91bf424203a31d10315f71

SHA1
d62e9916b60297fbd57fcd3e0b6617b52b0fa44e

SHA256
1adcacea587675600225599986a06347631833770ce7d0547d74a3842b6d80b5

SHA512
8a81d631ad6a8a3824a65b9cf04873b25fcc36cd326bc8a9933cf394d2f3bf3fcb42975b3d07557f3e388994f1ff43df65cba29c438a0f5014d02782540e3678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9fd65fe0a7dd09a2ac4193bfb7de0a77

SHA1
adea98b125fcd7f223d79ad18bc8e525a32a9417

SHA256
60568382e1879557243698e98e807e05aaedfa6af8224603b4899e77e358f543

SHA512
ff29be3cf7d0f06ebe123a2d47e4e022344f85cf8bfdf2f771ca83979094d3498bba2707249c28d1ec79a76cac5eb0d0fa442557b47278e401e8034833ed9f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c79252fb82cef175c7f18e184afce58e

SHA1
67ee9d1487b160d2cd7a879a5699026b17181acd

SHA256
eb0d144c6e36da4ca20b73081d3ccb74ce2d4783cce18e6bc78f508af8246fac

SHA512
f021bfafdd62aeac76e90a074525d3911a1dda90e1788934454be8269f5be5c3856cb901fdb4b42f5e65586dffa9d06fa13f8cea43ad71ad267b4c555e6ded16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
940e10503b3ee0cf02ef4c7406cfae17

SHA1
6fd089a9d6fbfa03a86c8fa5ced64110f0f6427e

SHA256
18280230ca56c0591a46ed200eb051e2a1a959604e6e24f8437f63e288e9420e

SHA512
e76c207a853d9f5a14316e9ef34d5e842252eb4a0f2cb8f4a99d2e91ce635d9b587fbcaf82fafcf68f7be15af53cb2f6c71d2884f325ea88c1de311eab75d605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0041abf5fedbe1fe9360c5ec4a6e2ddc

SHA1
5fdc907fec8149503f3d6bb9eb09369bf72f899e

SHA256
ea1ba4e8289a9f66faf84c4af49d9a7eaf3c4a4296f871d0ba1cfecedfc8ec05

SHA512
62d7d12dcb37ef412f1deffc3c6f96a51d0fb94cff6ad7a829819610783be6c58b7031275031d38b527d8e62ea460df3d7a4f60c1429793a9b192cf4d044f79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63bf9393d4c3495caadcd1b09935f0e2

SHA1
5fad3983f5f7fd09f76d912aa98e72aa0dbc2c31

SHA256
12a69c48a87a487c2693c58151bdef12e1b921d4b7d3d724bed82b04bf5de2b9

SHA512
d0812e2d982b50f07b739e3ab97f5df4e0a506de41f6e4945b95acdfcdd1a27dfb19af421c864442984297ad2441e28f7b3f7e3c1d60e8a5189855f5f0a05103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aa55c77894bc27fc05ac39c471d6f8c8

SHA1
826157199aa013aa4a07d8eca48ff0a644a5baf6

SHA256
3aae124c300f5d3397fd8f60622732c1c8e93580b25e14cbfc3dcafa46a61ddc

SHA512
9e626b82ea1ffd7037baf7f41593e8f1e4720fe6afde6e8b62ac289b338b64471d0db43727c6e481faa7382acd3efb362d8d14cc7983e014b33bccb7be88ab31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d441303f1a901fad10ec43790c891b59

SHA1
5d693fa601245fc5325aa6b9db9923fe619448da

SHA256
88d9c4ed5ff3dab50c4944ba5f45f1d579493067aad0fba3812647df6af3dcb5

SHA512
6c9a00b9eccc30e46a2093612a232968bc461168eb0d564e127c6fc0951fe6b1c96d0d71ce858b328eb9d7234888ae9b9033d12426d4e157b3f8d9f0b1dc4dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d209ed2130651531c173e61a605af42

SHA1
f3110a6bfadf1d2908bec3b0380eb2b6941426e7

SHA256
04d913af87e5d8d1fe5acc7398372516e8cbf318be31c2b3d6a2b87ae8117d4e

SHA512
44a036a7510393cd48840e95b6a0b17a1cc4fe70c97b4fa5a8145248d3348ad7117cab64194de852ca0772024227c85d843e283722e99dfc7e5808663cba5d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
33e092b1d4136047c544807d5a62a479

SHA1
24b961bedd6621734595b817e9976f1ad3c62d09

SHA256
0658a5eb238428cc50028972eae6f1d84871653a9b2a4db46139bb4e5b782d48

SHA512
66f5ddb8869178afe28d5bd7347f41cdd9e5f6c46249407d7e1a369d19968b537bac163c6db7aa313fe32608770603d62da3a0685b6d214815351d2fc977bd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34d58bbdd712baacfc3c1aa10b7af784

SHA1
789e75be0fea54decdd8f6701afd0e6efeda1162

SHA256
b37fc349b9f15e7317fa36c27a26878b09543120c8169aa285c7e802a59bf4a9

SHA512
2ca1bccab37359298ff16f651f9947acde74c54dc61e37f7f59307a9325cb88d04df4a14f38585710ee7d0be802a59825a9d95640bd6a27414aeffe20e4b5240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6d3c866a21da0342de0af6d12da743d

SHA1
50f32e6f8dfef0e430f00c8ca349a0405bd2a740

SHA256
f4fce62d68d917987fca6744a6f77dadc69f807bf54d4b55635ffb4dc879c24c

SHA512
0db7e2c33552726c728a65fbd2af88cee6f4e4f00228fb391d410e125e736e33dbcc2f093c6e1117eac4e87224171d89c3ff1a08bf25c0adf2c49a15edc10dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e258fe725736024e6f382299710969f0

SHA1
c10ac49fbca29bf9a30dad5d63625c2b55d7da05

SHA256
a0adbe87878dbf5076ac22f80ae6b0606e05d80ede69e1f5fa51f1e90eeeff4a

SHA512
eb867491425a42666351baeb5dfbd922fb882d8ca5173aaa6621231a9a1e67d44b120b21517b2fd27db40a6dfcdf1ea4dc91308db04b28a91d4ecc4fef396ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ff72bf6af299b1c8b4e12867006a37e

SHA1
97cec3b0c40c9b064eb497ffa63851ede0c6b474

SHA256
1246cc1c875ea00589942ac28fd44df911acf1e44a7e1715529866e2b3641989

SHA512
70e96530d78af3cde20fea803ec3e7720dcb1db63adb0737e9f91d60357b8bc5905e449dcb54d4dc8f7edb2459dac58149ae6f791c694f915f56bacc0ce9a90f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
576b1f3654dc2efdb202bcc2e9d5eeff

SHA1
2cc9986e5151d7a606d8c5a453745cdbb28210a9

SHA256
d1fbe7a11f6dd76142480a0c8982716c1fe6098e187886dc793f05067e70fdf2

SHA512
77cbd30abcf02d7482866680767d10bd4609766bcfc7d9aa5a319bcf5531a78036a6b278de2b06122df0f08e99593c0efea7330dfa570a363a690b4209a2b5f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4bec4b908f239e6a701de9e143bea5ea

SHA1
d6109dc0a8f123837c7536ada2df38c38acddb83

SHA256
19bd62b5114aa4e9d8ed3815d754b69cdce3018c17ca827a7db3d90e90e2343f

SHA512
594fd4f387ff0438f6cfadb416f35af642e9235862dd827c0e1e162fdf6a0a2d06bc15d913a1ec9d0008e52799dd56c95d83e753aa023fe9dd4c913850bf416f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb86408b19c17fbb36f1b2657fc13819

SHA1
4cc67333bd9b2d8a87476e9fd013dba7e450e686

SHA256
182b1ed9f08692ccac43add7dd2625faebd077f55c0d73b0b215084ec94e069c

SHA512
114380ee9f37e6c9bcdd232f65b5de45b6f9d3e4dcaa00a36cde5341c69f3cad9f21970b7ec932f19feb197d136061203b992ca6a7164bc05aae581ddc4a5a4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
508663cde083e940bee0eb0c75c43eb5

SHA1
007531f49c29a30a1a422168ae97f397d42a3971

SHA256
755dd3276b4157537ca054b2040dd4049f85acb7fbd566270e477c8d4fc22ea9

SHA512
c510bd1a0c10e84f9692f94d0094cb459d4c7e7607a520bfda628147c74f8520292b7c20aecf947911f36b9ac57c7f9117646160af0a743247bdebdc698f87de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0672f2d2a7996f23673326963974f2a9

SHA1
636d90c84e2ae6313d0ae4a12f1859a1412c52f9

SHA256
646d6896d4dab5ee39a4d72739438a5dd2f9063eaf4e2c687bf091390bb6cd8d

SHA512
4938794e99eb5955261355d41f592d096fde5bc9bcb5225a991b068a317c1f0ca0f6a6c972ce7380899cf05f063fdf388c3490b76c7de45c22a8ff4f3db7943c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01561bda1f93582ab29be06078e064da

SHA1
52e093ad6c200620c2ed1bdeecbfcf919d73e514

SHA256
f3232dd6ba67a8c11b1c06f48637e32f8dd7398b485f99694716513939891a7e

SHA512
aaff64c6ea43986b69432186a1d90b21f9f0a5020adba525e30f2aff80729571ffac58e4f55cf16e37ed23d705f63878cd78d3f000d2ec756c4f3c818de916da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
462b9a1406f4363fd6a3884650317ac7

SHA1
e2766bdc6b2608a293bb1912d5550e460231c308

SHA256
8630e1628076312febb1909b91debe20d254d6b462f9babaa33b152325162fc7

SHA512
7e23a22331b4363d4c28f6987fb999199021b4853cc603d796e923caa70bb18e3c5b07aac3a7bc24c512cc29c2acba0a8b6ce486208ad89d20a4be1c7926bf3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94749f275f7a3e93a65abde8f6c2c23c

SHA1
e520cec845a875a4274f20eda9fa690f056319bf

SHA256
38e46029b3a7e599a86a9f04b3b447535939008c61e7c10e765b5536709e4aab

SHA512
14d39cea88395d91216ce55b728f99cbaced81e60220bf933beaf4d46b450473c2b651bc0484f08f0d35191bf476ea51531c75f4a9dec49ccf07fdec4a33ac42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce6139f25919c8e15801afa3fb28fc43

SHA1
8fe1e76d5455a5b620303a0b2ec0bdfee37ab151

SHA256
99d5264b5bb372315cefdf6e37eb998ffaab1818eeb03d8dc706c8154b3461da

SHA512
bca55183f2121b22afac18e2d14727b2a5201bc8d606b9e1ede96688c06638289b91d091344d8b5b15e8ffccda59ef7efc88645a02abb4c45e28ad453f554299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
36e55af4228f5e35abb333e72fcd6fc4

SHA1
7114e6c5cefcc9a485affcef2fcaa20b7aed530b

SHA256
8d71bb3347445b96bcc87524aecd513bbaf2729b03df2981d3a2b277ad6e0893

SHA512
facdd98ba8a46ae1a201692d0918ee83943b3228913a89ce6586b16af5874848f2290584fd43beba5e3780861204a6d3e2b7603230269ecd342253fe653a63f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6d23e71d9945d71e33611d827679d0ed

SHA1
9ee4260eba851a90be0a6a0b3041c58a83383cf7

SHA256
e7a7b2b7e604b8525671a55203d0bbe792b0c2c2f9f88c5355d55962ff88a033

SHA512
2ab6213c550e81b3404cf4debc9d6a391a7e96c8208558bb4d2df4f5b29b8ef8969c0879466413dba89ba7ba2cac7e2e0f4779764624a7a56d7fde43cb87eba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6f4fabe5b05f69fdf70f2bc3c1e355d5

SHA1
65476e13b1f69506cb1e7b7ccd7453f45a377bb5

SHA256
043809f9028878743beb398c899962a27c0cb70049fb77a8659827c8f00568ae

SHA512
cf6f7eab9b9a972beba137b26bed405b2a635fa64d6841a136f52b16b1872df58241217313a2f6ddb6507875cf25a4b547c27d03d03ea80e3e4dfc30756d172a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
34c26e2cbd85e3251f020281e884df54

SHA1
d19bc68898bc83fe659c67171e1deade214a19e2

SHA256
5092170bcd0f1b08fa87df9de1c634e5bc9cca341e14399a2c36237f0daeb4f0

SHA512
22c188b922498bcbbfc513c4e944a24453fed943ca96af66a20daed227303b3e810b1ba48756e7adaa9350ee64cbeaae04cb2c4fae03374ccce9c5143dde6134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c7adad5cbd10e4d0f0a5d949bd1e0605

SHA1
aeeff8046a48b6b452b1cb00365d44c3c4a39784

SHA256
e9f0129bdfcffa5fcc7336889f235d8fa0f28d684bcdceda3dad0ad4f101ff32

SHA512
485fb61d640443650dc1b875bced6d8507283cb20ad9ceb2b24a060c9b646f1d46602cd1df87ae6c1f823d90b60db1fe48915209c688e0c1e796818f9cd18ca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\eb58f1f1-b3e7-4af4-9671-2c1733ee03db.tmp

Filesize
9KB

MD5
149f2392225a97b13d5c32083db7a9ff

SHA1
c3af0102e28498f0c11a4046bdb02afbe56b5aa1

SHA256
3ac44e5598258dfb780802f3e19878e5f7ac27ed9117aed9e926ca40ad8749db

SHA512
c3a55850aa63fcf4ae4c13b7d62b03ef4b051c945f909d0553d7610e1ebd9266cc1ebbc2f704946b9263d253fc9deb388279be0c352a4ab55f40043ffeea7d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
dd12d5092937970fc8557d6ab1025916

SHA1
a2a0a4cb19dd6ded66b738fc06545a4f6e187beb

SHA256
baa9e0830d3603c5b4eaf1904ef3f96768cedda9c74952506866e6d38a35643a

SHA512
f2c5fdb588de668bc06c59d07b1eae12b59e6486a1d2275979b2bdcb93bc7938fd309bfce303ddda7898c13f4552ae349d72bc2c20f158036d1b1d2acbcb8ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
0741dd9a2f1706252dd97c8bca3233d4

SHA1
ca079a55200098c9d70ba0bec8f6ecb3f9fed28b

SHA256
cbfce227afae93e65852f1dfc8ad583da1b08530a67beb9eaeaa9f9829f0242a

SHA512
6946babeefc8d9b35a93a89404d4380a11da9346f328322ec4f7be1d2f6db81d2b620bbe2b4293f8fd5fa827c960bbc45f392450389c8efedddcf617e0338b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
9fa39374bf8e7f5d62cdfcec23a60591

SHA1
01205e27354f76f5d38572feb8d6aa34b0949552

SHA256
4b8440ad23d0fdb57756cb0149a794285ea23afbe2b8e2d2a736c481fd6634de

SHA512
feb7ae4b82aa88879a5493efab00e86e927faa96cbc1be4ae6786bd0eaada0384e4d9e944667d90effcd1e32d72a9879740e3e9dd71c82c77f056663ab43818f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
b06be8359d2c348bc54a522534fa1bc0

SHA1
caf7b17904fb3e24f874bf70f56af98500a2eff5

SHA256
7cc2a51764353894cbada03189d5d473ea3a6d55f24e812e3df8c7c70c4aa2de

SHA512
6e071897b2838ab01711c09b2d71ed3f15105f0277c6cb70ca759efa9e545d16ff4449b323b6f65953028c98caeed4b62b58954916f795d426d2e713cf17a9bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
192231057e800163ef435811fd5f31c4

SHA1
eb599e07d03853cdd6954059a7f586976203d8ff

SHA256
b27d2ecbe74991c293f21e5c9be9c36f0dec23944cb1f6234b74ff8b7950182b

SHA512
0bc212019194adbbcccd161eec41f867ceecf34c0f804f010b2deed8dfac282a3733ad85c372d591f472190c7d917498fa0e596a59b34d2b27080622f61870f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
ea4c2251782cbf8655d26e69b52c6726

SHA1
93cdc81137518987227c1e5c5170f81c1fcbce04

SHA256
2f048b7a0b66be6c4dbbdb39f353c600ec3f1ca5787a1c116de6d322b7aeb1ac

SHA512
1e80c8985a59f7f7f2f6193d240cac1582e86f101537237adf1940578cf225a4a1967a3fad0a7651444e267572186a5f3a9886b151ead8c04871491900086c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
089d1208086ceba780dc1848c0c95b75

SHA1
e2679f077ce97dd2282b28652fc5fa2a509efb6b

SHA256
f0bbf30d4d53d5c1603b3647f72368768c668f58723031c2f133548f93f4b2b0

SHA512
306f30641d4dfc72730a6f9be17980c4a0f7c55d589c967bcf5fa11292270abc84cc4cc7cb36c61a96860d7ac589a91bd3cec18c32fd63aa9cd58653cb014895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
194fbf7a3da2fa95ab4e5d790dc4d9d3

SHA1
03dfd1fa8030df8d869d026c6ddd64eaf348fec7

SHA256
b001317db603b5d2491d048d502716c4eba63bbcf247354bdb3f7ebb16c0e72a

SHA512
49b8ac95e7edab719d715d11ce84a2d00488516edf8ff471be8c99735be3e39a6191dab534f3690ee4e4651d4c480d77f6bf55927d40787295d406a2b45efa89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
b32f471286bd39ba0f0c75d0540e7b1b

SHA1
ffd1fd299b57697d4e559a4f848ca1275f701d03

SHA256
707647b11d33e19771ce8c9d4a3020fbd743fa3bb1bc75ec080b83eee8e9be47

SHA512
9edfedb25642c976367150a0d21a490ce0e5aa2428c0384eb565b28013fd7581e4832833bb88992821043b049aeef9358e0234ca2ba68445f3c52ff77114308c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
7cf68d952a181cec856e66badc8cf306

SHA1
a384df436238f4dadf225d9484abbb3c93108749

SHA256
4b35ea3282013d57e275c0d91cb567975faa09791790bdfcb2ec7c080a6d12bc

SHA512
60fbc14130b3744f092ff80ce3e4899c16ba2ac10c3d7ad013cb804d0d14f0daa8a29b0fbf7eb6dd3e15501dbee40d9062ae76cb83b9853f80fb301bcedf641a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt

Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\!WannaDecryptor!.exe.lnk

Filesize
590B

MD5
abb47707d94b16e006858dcda9eb4e06

SHA1
7a919ec222650ce74be3e860d1522c8b099ca0e2

SHA256
d336b4192e2710a27cee76b28681eb6778b8f8b3a8dc5872449e4e843bfdeaf9

SHA512
f84f648235ec86ac532d8cba51a9fbf5d9cbe9d83f2fc9fac2b6d5c2a615a2b5d7d82397755738d211409b8711d28feb137c1c437fa25c8715daffee3a758a24

Download Submit
C:\Users\Admin\Downloads\00000000.res

Filesize
136B

MD5
4cc3374489fad583f5f21b1b0779cb3c

SHA1
5aa6ee150b16a1fe4e60aeb3a64b296b8422d891

SHA256
7532ac1f464cbebe44959469f49e8322623dabb9f8a4247a24b89cd9fd449413

SHA512
8e712179f7423c3b9849beeac76644e421c68ea2fe5c0f4d59da75354034682400b3c4fcca14e1a4074a2bc82bd3154d25b6548a4bf2a0322c61dbbaad7dcda0

Download Submit
C:\Users\Admin\Downloads\00000000.res

Filesize
136B

MD5
9f22cc3a7a164c665d422eda15c6fee8

SHA1
9bfe4e5175a137e08ec579e6b3c522ff6525c91a

SHA256
2638e8b9b9b6ca134bd8b6bd2ed29772f7d27668d35b20df805e8bbb755cdf48

SHA512
c2269c576a0611fe396284bf8d1463b3dfbcd1e409c2b849c9a8fc3f377d3ab206e8d4145c39e9c395cdbdf4aaf2e61d2a093a52015388d1d849b6267fbd29e4

Download Submit
C:\Users\Admin\Downloads\00000000.res

Filesize
136B

MD5
20ac9c4f01ef62677825ee491c75bc3b

SHA1
d165b285da505d6291528b38b37fa3ef430b6475

SHA256
7df710e7126207c0f4e700810312c40df779bfda60424e9301ed33d443573baf

SHA512
fe78542ad6f58dc2183d87a6ed3e7cc58f18dfef880d2678ff446bfdd406c2359aaf89e872cf7f26c5ca30e92a4099a9b38e0ad57ef05e6cb90ddede079fd605

Download Submit
C:\Users\Admin\Downloads\72881727479277.bat

Filesize
318B

MD5
a261428b490a45438c0d55781a9c6e75

SHA1
e9eefce11cefcbb7e5168bfb8de8a3c3ac45c41e

SHA256
4288d655b7de7537d7ea13fdeb1ba19760bcaf04384cd68619d9e5edb5e31f44

SHA512
304887938520ffcc6966da83596ccc8688b7eace9572982c224f3fb9c59e6fb2dcaa021a19d2aae47346e954c0d0d8145c723b7143dece11ac7261dc41ba3d40

Download Submit
C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\c.vbs

Filesize
201B

MD5
02b937ceef5da308c5689fcdb3fb12e9

SHA1
fa5490ea513c1b0ee01038c18cb641a51f459507

SHA256
5d57b86aeb52be824875008a6444daf919717408ec45aff4640b5e64610666f1

SHA512
843eeae13ac5fdc216b14e40534543c283ecb2b6c31503aba2d25ddd215df19105892e43cf618848742de9c13687d21e8c834eff3f2b69a26df2509a6f992653

Download Submit
C:\Users\Admin\Downloads\c.wry

Filesize
628B

MD5
f1f447ff5895c67717d0a9a97e9d933d

SHA1
1738e6fd5b1e16396fc8c5407727b321b0600557

SHA256
8abd521f663d8797a804fe38d6244120ab14b092fe4a3613ba87394e37358c95

SHA512
20618dfccfe626eff598add21e2848ff491b0ef24017ab10a6202fce7eee4e78d3bf1d3d8831c9b01beb4eeaca0742aefbf34697608c7b413353d981819ab4f5

Download Submit
C:\Users\Admin\Downloads\m.wry

Filesize
42KB

MD5
980b08bac152aff3f9b0136b616affa5

SHA1
2a9c9601ea038f790cc29379c79407356a3d25a3

SHA256
402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9

SHA512
100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496

Download Submit
C:\Users\Admin\Downloads\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
memory/4012-1183-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download