wannacry | 9463c02624b207f4ab12a90bb3c7a9a6428d39f3be78c596e300be1bd77f7ec3

Resubmissions

04/10/2024, 16:36

241004-t4ddksyfpf 1

03/10/2024, 18:46

241003-xemsha1bkl 10

Analysis

max time kernel
53s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RobloxStudioBeta.exe
Size

149.8MB
MD5

bf935054472f1149f633be25ed660c69
SHA1

5a0756b269383cf8828806c798fc19781f514046
SHA256

9463c02624b207f4ab12a90bb3c7a9a6428d39f3be78c596e300be1bd77f7ec3
SHA512

7b7a546c056ecf7176adb4f4d2b60ee4fc4cc8d2ccb5b464dac1511b133d215c7560ab1e70fe74f03c26735308fe68bbdf4d007469adee25d1d9a6776a75c5bb
SSDEEP

1572864:wOh9o9Bo3syMsjkzouLK+BNtFijx2U/63IgWF9rH9i:pd3xMsjkzJ5/cjx3d5HH9i

Score

10^/10

wannacry defense_evasion discovery execution impact ransomware worm

Malware Config

Extracted

Path

C:\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2376	icacls.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
896	vssadmin.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2724	2712	chrome.exe	33
PID 2712 wrote to memory of 2724	2712	chrome.exe	33
PID 2712 wrote to memory of 2724	2712	chrome.exe	33
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2500	2712	chrome.exe	35
PID 2712 wrote to memory of 2524	2712	chrome.exe	36
PID 2712 wrote to memory of 2524	2712	chrome.exe	36
PID 2712 wrote to memory of 2524	2712	chrome.exe	36
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37
PID 2712 wrote to memory of 2556	2712	chrome.exe	37

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
2408	attrib.exe
1436	attrib.exe

C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe"
1⤵
PID:2228

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5de9758,0x7fef5de9768,0x7fef5de9778
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:2
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1668 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1560 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3168 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3108 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3700 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2848
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fb27688,0x13fb27698,0x13fb276a8
    3⤵
    PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2752 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3468 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2864 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2436 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3088 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3128 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2420 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4204 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2024 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4448 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4156 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2320 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2060 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4840 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4084 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2728 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3844 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2464 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=2900 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4596 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
  2⤵
  PID:2936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
PID:3008
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:2408
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:2376
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 153531727981350.bat
  2⤵
  PID:1684
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    PID:352
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  PID:1616
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - Views/modifies file attributes
  PID:1436
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected] co
  2⤵
  PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    PID:2796
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected] vs
    3⤵
    PID:2200
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      PID:2264
    - - C:\Windows\SysWOW64\vssadmin.exe
        
        vssadmin delete shadows /all /quiet
        5⤵
        Interacts with shadow copies
        
        PID:896
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        
        PID:2304

C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
1⤵
PID:1284

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\ProgramData\Microsoft\Windows\Ringtones\@[email protected]

Filesize
1KB

MD5
3f0a07e26a7b3ad3afbcc9f8d9b38fc6

SHA1
7a1a5f9122246a30d92791132681a420e469d840

SHA256
e5abd001186eb616a737540c1969a0f938c3bcf872f7b10581a9b8ad802b6765

SHA512
8a281cdefe8e2ec7dfeaa35f817933033f0232692db1aaf3e2aa450ec17400950f90784254e82cdeefebfc63a59197f7aaf3f352af6cd87d46449ef6d8d12aad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20026dd3c91de6aff626e8806df96c46

SHA1
462d8248e910c5b273c5afa5f51b14e55c53820a

SHA256
653810782e0da3cb026511e381b164c3dfe8bde694da44b0a6fcae8ba572701f

SHA512
0af48361bf702579e86bc9c1ea0b6d9174070e13a47e404f60851bfd76e00e75728ce0248ab293c30a601d66606a1f371e445cb397c1d1c1bf7c2d9cea005ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab7722155b4533617f79ed6edb90d1bb

SHA1
1ef2577f7494cffba179a9268441582b7ec91877

SHA256
275dcddf549d7f68fe687b2e72eec7d50a80e6485fb9fac95d05952607fadf05

SHA512
aa9f51f9e26a2b14577c3aa65a8d576aa782b136528656a86b15197ac08bc78454a6735876045a3efa0a298f4825a041b7926035adb33b5b2edb68c38d59f16f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e0d4a865daf56ce7830b320169bd026

SHA1
d988e44adda7854cc2b268bd41067ff54f08ab97

SHA256
a8da8ab75a787616b5cee2114006c82403e8b69ee2176e9862f1900845e2efc1

SHA512
dd3213ac12d1f0f1c2b97003b5449144fd8e5048546126f93ce72ad269f54a6d159e909829ea0104bd9dfb4f880d4114b5a33c91d9beb8d03273e2ed796f2c72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73cb70879043edd9f19e26d7e8dcef8a

SHA1
c210e08131fc4e4625323bc9159c6bf5b49d9743

SHA256
d87ac3e5279bdee589e42b783289692bb476f57b76c2c2dec32fa0170660e916

SHA512
4f63a2f3ff60e07bdea542da28748ef9e9191faadb4db834adc38386180bde65a0182d76f327e41b25622c8ed982d581c32cf0f5bb536e79dd4fc60eadbf78b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e8413a8aec464afb417e9dbb6f467d1

SHA1
6281c92896b1a37133b4717514573ec39e08daac

SHA256
685b1bab17af01c8ffe013677d0abcaf5bbc5afdb9641c9cb59605c84ce09a70

SHA512
367cc58c48fab4ee2fdea4537375ff56f1ca7e8ec511ecaf4f96645080890b6ec8400ea48acd3e8207a987f32ac47aaec122d68cc7cd4ad86b2a796052128557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
417b641796b941619542ffe6afcb0190

SHA1
152e394644f7f44e1e8bdedd6021aaaf299907ae

SHA256
c22353bd8191adb11a8d4892aa6f51ef09ac1a9ba51fc9881562aab3b16ed8e8

SHA512
e36bb79ce96f9d4cbf89f4fdf062227a1a884f1ac2bcdad99c99c6c5e3c7961c1221918616455fe62967d8beaa105a4529318d330d9b3961906b316255eee8c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9d1692f627998ba2da3ea324286fd3d

SHA1
2756938e0457fff5b52c79f345bda59e7e3fc2f0

SHA256
4cbe8cbc0ca1d3d2c8463e7ea7b8732a74eaf8ca7d4847a6880e897e10b09d7f

SHA512
adc05be160c0590bf2b61ae306331948c7e306038d210639151c524a084986b0ca7429071ce0815335a265c572f43823a9c2a83918ae956d903ea612b02d1b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc2c17da3a9cb84c70061a62acdaeb42

SHA1
18a3d087ec822d28aa7be367a4c38df767679eb8

SHA256
ff37cbd9f0f1b059ff51e22f20603ab8fc2da9d1d53b4308dfb326df9925ce61

SHA512
95ce4d6adc015a550f699ffe1e9e18f415dc0ef552fc097fc9af71fa6603b2f7661754408447b5cdc387b8abad12fb7f8020446774c99be09ff2706ea9d770fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d14d03a731593e25cd74ad568c41f8e

SHA1
4f7f46f10495d3a7ac290e7deb20f8cac2e7d4ac

SHA256
5e5a568fb81b7795c5e43ebe8ed07fe75304b91a40b7407b5bb7c850bcd735f1

SHA512
a0d7426fea3f7a330a9479f4eef4f90e87798155e5dad1b4ad25952a475602d319a43f80582501f0b6113c240811912a9e5724d1d0512d217f0ad8d718474fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
62KB

MD5
9666d74b18f57389ee2d3dee5073f71a

SHA1
1830bc2670e616a1da1af27157159e6677a5ad63

SHA256
6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae

SHA512
69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
72KB

MD5
c5c312a730a261e57371ec11d6fd6ebc

SHA1
9c0fa471e2457f50f60d31cc05af216a683e90bb

SHA256
c49918b49d91dacecf158cbcabd34ad27e042a5e7328aeb86e93c398176086b5

SHA512
24eaf878b58ba6728dd33775a079e1cd21ffd8ca0bce567b92f7fa8f71a53e735d5e5aae0905e88d467aaf87eee37919709dea52c3142ea2ca55fd7ee729e6c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
418KB

MD5
d21057144256bc23c6ddafbd508d3b4d

SHA1
ee7ac2f0f4aa7c75ecee7309a6e3cc85dc2d877b

SHA256
c0ebdc187e343dd9a2d0d4bb388a3c7d5cff70409487e0c5cf8caf90230131c8

SHA512
bb169d2613b18de616a601dd6b2b13458d6d165dfcedcca09102d35665019cf2aaac3f360d0d110567068bfaf4fc298310f0fe9bebd3f04f441d090d00b7d8cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\04294a9e50a9152f_0

Filesize
3KB

MD5
ed8b582f31f4d14cfc5dac0116230f22

SHA1
fd378e9a40540c5cfa2d5507c7e0837f01eaac60

SHA256
73eb69d98ade8c632b60d1275f4450e458378d42864c453938e01d8d38ca7929

SHA512
80d6205971a2d50e3a27064c45b05d06ea5549f988692953f505a5e107efc5e1ffc2d83655a8ff3caab3640b131423b8f72de753077eb1d0523dbee445b71f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1199ade758ba9451_0

Filesize
1.5MB

MD5
0041e187bb78eead432f42888336c4e1

SHA1
d2bc5590f3b5371ff317884092907ab0330a2a36

SHA256
7f67bbae79c414bbb2de296dc30a9e48e2e2f8ab801f42fb351eed2745f4e99f

SHA512
2bc9c9c62a04c63111415794405c5839961e5708bda56f52d627c0751bea11184750902af8df41a7367c51fe36d8514dca8efa054d00ed15eccc74dab8506eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\777aa18d7ac091fb_0

Filesize
242KB

MD5
9315f6ba3f1c1ea6f8a731afe2e05f52

SHA1
316a3b08bca1c281f84e8946f79940fae5925a7e

SHA256
0cdb63d5f45542446eb6b2a65c2261ae13c629ab95b367408473e28cf4ac6840

SHA512
0ae5565fb1e8988db1c696e261d4beb3f625fcb079d705f52f18e35e96c9c69678c606564601b1670546c2eab96d7644ea3c0dccb15c0315b391eba0b3ff3a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c91dea6515372629_0

Filesize
352B

MD5
7c725734ae6cc00b1215ba87b52c8aab

SHA1
dfa036b82572b471f822e11d3d1d0eff4d7fedde

SHA256
5721b31d8020a1e14b21652b5b38f414cabc1e301963c7f66119fb2624ed1b50

SHA512
98c58975a8565ed61c52a746df573a1c1642a5de923d4e50aa0aa5c75ebef59222bbef14535e301c80b67be2d0337b53b13b580b0cd8fa9a5797850948ce5adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
95c8ae9f4050e70fcc3bcccd3deba21f

SHA1
0482c4a1c27e78a26e18967ba2775e07d646744c

SHA256
2f7a228e144146e7a78394d6d2fb515799fce9a7ccecac71ecac092a093b7ab5

SHA512
82b6f7f9f13e328d8e62c0557c5f12c6906a0a1697154b4fca1c46d342f1519082568087df4ade46114a1cc2592ce4c2cd15c0f8a6f007c53064a9ce0ae3c3b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
526B

MD5
9288078d8a4733d13a17cfb46ac13054

SHA1
52c6e5f41a077f6074ed8d5c6588e2b812659e9d

SHA256
c164e3326e2cf4353d096426721d9d98e0f50b89bab929d1c66af6c4405e7836

SHA512
83af0fed57f5ddf594bc8e76328c7987012169617c7e461e0f41dba219116f3f33dcea4714f167140f0ffc590caacd791edfe0ce6579d3f1af28adb77c79058e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
e6478d2c01141fc9161d79b917010acf

SHA1
9b61a4055464508bcf3115a2eba4f1c5c1d50c68

SHA256
22478c19834f410095986dbce31ff4a4bfef98294f06ea799d1c110dbb11fd45

SHA512
55934e8a4b50b732ee9bacf218d367ae59c45822d984f92664f97484b939605dee84ebead386465cff50047f436160dfc05092c1b3077fbc65727813c20eba2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b8a8e6e741cb52728f1aeab5f1f9a90

SHA1
1ff88fabc23732894a479c3de41ce8adfd22e4d5

SHA256
e50725b01512c5cf27fc9966d84b69e1bfb38df9ecd40aacc3efd0ee28133b28

SHA512
9868934e4ff08a5f52f932f91bd1a231036ba2e85cbb337d6d7490dbdecfcb7e85b26d3cc7f909f606e108defa7608a1cd73a435b4526deb45beeee7f475da8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1a3de0168d6c0a7d01bb1fd2fe8eb52b

SHA1
99f4f93352dafa421611f16a2ccd32cbf9ea8821

SHA256
a6367c4b9f8da342ea73de11f547ee2a611f08602e4ca3da2e95a530d60da921

SHA512
e8b80c8f788cac4183aea5fe696723cbd6f0bdff27373f55df996db03d6b77f897606c3b771a0aa6d6f6a07205902a1a9c541c9c82a3d2ed340c7132f87aa8da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
3b573e62cbff62710421bc81b0997480

SHA1
74ca9629b90802b621a0b7d21013aa0c0b4da17d

SHA256
ce821a6f6189bf6a9a65b4f79f38ed9ba37d59457c2f22b57771c835798475c5

SHA512
7a08fb10e23b7f46d0efa9b8d731dc54e24f9edcd22d76905c95982119865d77462a198c1b4d9df6364b473415ed385b3c066d52b213d382b734b595708c0a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
bca68d5fc709852b507795c229db16fd

SHA1
235f947a34d4c6b4cd9e269f351f43b9d644a4bf

SHA256
a2518903fe217548553b91641d18e1885e7e19157ea2ea18d9c94bce225bad12

SHA512
bd30186d796dda176cf8d2ed57aa8b907cee0f67a9d79a8b41cf3d1a1a453b2f5498ed5aba93188ad1cb3e1e0014208e01826035c4284cc592d8b889208dcd0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
97d715c385478328bce870a07891801a

SHA1
af09aed9bcca066123d0933b9c4f705672d3726a

SHA256
ff04f47b3cdde56ff5697fe074c6530de9bb8c6a26a8b08799165768d5d154de

SHA512
a38d4fdae7223d3f5a3ccfd5c961a2c3d19e9932b7ea9fad0f75e7c8772c2e13b57ed484299c4004582b8a5466d89dc7f901f316565d4a28714d84946c9566dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a903830fbe9cfc565fc00558ca69dde8

SHA1
70d1a188abad3ada7ac04d8c79633606b052172f

SHA256
1a02d85a70bf956a33f6e50ca052749a925f4d39e1d928537dfeedd08d574d95

SHA512
cd05de2216d578dd61735307385e6ef65d01ac4e3bc4892211f4a8bd04faaabe4a6407a7279a755e05edfc72fa14b717af0096791d685cd80eaaef686a3c70d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c30d9889f52f03199dfb182d3c594acf

SHA1
6f5764c1bd43f33a3a70d38fed79cb5077e0e253

SHA256
1cebbf680d1ce33248eef19f0a42da68b2a71965774e6761be20212188626e97

SHA512
f27ded259ca4bfad1c6e5e25a2769af9687205bfa48569d3b89ad26d4795d3d5acd175b8b8ec49906d14055dc6c825d7646145335217e8facfdf70fe113378df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65c783a2500907298c074aac674acdf9

SHA1
80a00a26d8203b56f5a69b62e53f11ef80de573b

SHA256
b522da7ea82e3b7db6134c335c0d68930764a7f60c9234114485853ac8b7906b

SHA512
dcc6791b33f20bc1fe31511861a7c05d2195da0248a25b7ab8310c86d240da4abf0872985a69fcfce718d14dd71b04c08b30130a70ecdeab751aebe12beb5a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
47af485a8cbacd66d96f8d035c66afdd

SHA1
d706183741dd3d705973d5f4cd59a608ab6c48aa

SHA256
7a06e22df45b2c96434419b643ab5aeb1e5ea4eba06302cf37da8eef64439766

SHA512
fef822478e3a89e0d3ed50f3e17633e3bbe568f9ab81b799ee377e13cb02b5365a3635b32333ee2084951d5e536e590341509d6c6e0ba29cb4b29a7d8f837d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d2bf47986952f23e7b6588aee9fe9ad

SHA1
fff946d4cd4830eded8125150b8bbd60b1ed8d80

SHA256
754e424083f7e1bda7362872d00cf5485db4279d1a4867ee474875f343535923

SHA512
39cf6a6439ed93e93cd68db3099ee9b1c01c89b18458278117e1fe28b0748c5fa2a3ca216c4854e89efcb5e49e0356efbaf5123883b08fb1aed1943041ebf437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
48KB

MD5
c0bb58a52af1c3c657749681c9982766

SHA1
6e6c03f0feaafe6f48a108e1e8fb7556ec0fc611

SHA256
58fa9aa8243e0316a1b27eb3d92c4e52b9b0545468934ea3e4479f5ff150018f

SHA512
be84af420676a420de36cc019296756825f11d2c257381f7ac47d434d443548fbce736cf0bc833e41651beafabf385a27406d1e1b3e0c704403f608e0bbb4020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
341KB

MD5
5a4c0f3b1b4a882eada482abe85df2f8

SHA1
deb89ddb356099cdb27e7b2a709c5537a98354bf

SHA256
5e2e51e8230af264b1a343440075e615230ea50be28dc9cbb409f469237fb71e

SHA512
9722d8963c755133f3a1430f5f0f5f069ae90e59785ac51d70cbbae0d1b8d22b0c56151a0e6997121a4d4b8e7dd32008f6fe0fd87e99e1706a027cf99f0c10e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
341KB

MD5
b3ff6726be4e6f9cd288ce3099148b91

SHA1
a8675cc513737c68086d79e5bb72dd5968781153

SHA256
ddbf984c1c436df15f087979883401e5a328a874a27badfea08797a21ad77930

SHA512
3fb116cbc41f1aee5460e8950c38c7e3c361e510add2b717177c864910488c29918d1753fa5fc6dd8dfbba2cee1d37570220ebdb04138b94db5e99c1f29b72d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
341KB

MD5
b4098d68e5430428759d11c2e52da3bb

SHA1
1833fafccef0af8aaf771af6571e594bc9208df8

SHA256
2fcd7e007c59d982c4cd9b9bfa66593d3d781ab926d2107ab4eb4c23b3fcc956

SHA512
aba75d9af904551f2ec746297ee6947b85c627a34c802ebce3b4370078cc6b070eb85b44dd48c21c4cb2ffb374562d2dbaddb29443b61d9b0377d6b09f522081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
2ef3f4547f9b4be6b74436fb2b9fb036

SHA1
9aafd53b1ab902ad22b1d7934d7182ecce88298d

SHA256
c0b9b646668bea527581baa78ebb3ef8a51fe84498454dd454ed26cf6b074aa7

SHA512
b62001ae7eedcc11f004d26766c7d4fd8d23fb97e6b70396ac3647314569b26486ed1c244fc2c929f6c4fa92e61dc354eff1d37c6989e605a9293f1c29113f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
363a58e6d06b79e2cdf6a7a5567abbfe

SHA1
28be6c44ef7a08b2de6e277daf38d66b5ae54c95

SHA256
4ef8cb6324500c9cce8e3cb4d7ce1819f03bc6de8ee86fc81601f1731d6299d2

SHA512
1e65496eeaab4d45571d9f0d4b63c9e8e6c8dc6d0dcd08a973b3c97f23791e4e8c9349d580b2ed790488f2f5db83989d137a9ca667f9ffa3dbc4ccfdae8c4048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3297.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar32C9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\153531727981350.bat

Filesize
400B

MD5
ab68d3aceaca7f8bb94cdeabdcf54419

SHA1
5a2523f89e9e6dde58082d4f9cf3da4ccc4aae26

SHA256
3161fdccd23f68410f6d8b260d6c6b65e9dfb59ef44aef39ebb9d21e24f7c832

SHA512
a5de5e903e492a6c9bcf9fbc90b5f88a031a14fca8ee210d98507560290d399f138b521d96e411385279f47e8de6a959234a094e084c2e7e6c92c0ea57778f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
ed2cffb54cd70a044117aa2538a440cf

SHA1
66d1c3a97d6728eed06fde72f1628990dd9b1a2b

SHA256
ec8c95ee427cd0d09fb3c30ad2e86285755bb3eaad12f6c1290963dd622ce153

SHA512
60702eaf453c832885db5d3f50cd2d080d3ddfd539c8b8d3d819ce86d3ea6925fbcc8fdefba51f1cad85fa85b47492107d0ea4fd453c10259780cc808e0cbe7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RFf77e08f.TMP

Filesize
9KB

MD5
1c4e28723b3d862a7cc4f8c7f9963b0f

SHA1
d529b7d811bbc44e06c2c9203c811fd54b90a7ce

SHA256
4c0c458b52d8fba75db6e7b9225e61f3997b65a4b7971923276fee15cef6eabd

SHA512
d47bd9aae38199572e873961b5228e246ca08ccd4a9b8124a0263c66f3dc063abc5d3c73c5b3de713c4ddf52e34e6ae87f2958679beb51c60493ad0597f6aee7

Download Submit
memory/2796-2170-0x0000000073EE0000-0x0000000073F02000-memory.dmp

Filesize
136KB

Download
memory/2796-2168-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/2796-2171-0x0000000000CD0000-0x0000000000FCE000-memory.dmp

Filesize
3.0MB

Download
memory/2796-2169-0x0000000073F10000-0x0000000073F92000-memory.dmp

Filesize
520KB

Download
memory/2796-2167-0x0000000074240000-0x00000000742C2000-memory.dmp

Filesize
520KB

Download
memory/2796-2184-0x0000000074240000-0x00000000742C2000-memory.dmp

Filesize
520KB

Download
memory/2796-2183-0x0000000000CD0000-0x0000000000FCE000-memory.dmp

Filesize
3.0MB

Download
memory/2796-2185-0x0000000074990000-0x00000000749AC000-memory.dmp

Filesize
112KB

Download
memory/2796-2186-0x00000000741C0000-0x0000000074237000-memory.dmp

Filesize
476KB

Download
memory/2796-2189-0x0000000073EE0000-0x0000000073F02000-memory.dmp

Filesize
136KB

Download
memory/2796-2188-0x0000000073F10000-0x0000000073F92000-memory.dmp

Filesize
520KB

Download
memory/2796-2187-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/3008-1260-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download