Analysis Overview
SHA256
9463c02624b207f4ab12a90bb3c7a9a6428d39f3be78c596e300be1bd77f7ec3
Threat Level: Known bad
The file RobloxStudioBeta.exe was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Modifies file permissions
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Browser Information Discovery
Views/modifies file attributes
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Interacts with shadow copies
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-03 18:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-03 18:46
Reported
2024-10-03 18:49
Platform
win7-20240903-en
Max time kernel
53s
Max time network
145s
Command Line
Signatures
Wannacry
Deletes shadow copies
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5de9758,0x7fef5de9768,0x7fef5de9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1668 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1560 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3168 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3108 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3700 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fb27688,0x13fb27698,0x13fb276a8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2752 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3468 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2864 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2436 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3088 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3128 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2420 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4204 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2024 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4448 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4156 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2320 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4344 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2640 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2060 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4840 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4084 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2728 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=3844 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2464 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=2900 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4596 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1512,i,10213454831334664038,419410530632085858,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\cmd.exe
cmd /c 153531727981350.bat
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
Network
Files
| SHA512 | 0af48361bf702579e86bc9c1ea0b6d9174070e13a47e404f60851bfd76e00e75728ce0248ab293c30a601d66606a1f371e445cb397c1d1c1bf7c2d9cea005ccd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab7722155b4533617f79ed6edb90d1bb |
| SHA1 | 1ef2577f7494cffba179a9268441582b7ec91877 |
| SHA256 | 275dcddf549d7f68fe687b2e72eec7d50a80e6485fb9fac95d05952607fadf05 |
| SHA512 | aa9f51f9e26a2b14577c3aa65a8d576aa782b136528656a86b15197ac08bc78454a6735876045a3efa0a298f4825a041b7926035adb33b5b2edb68c38d59f16f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e0d4a865daf56ce7830b320169bd026 |
| SHA1 | d988e44adda7854cc2b268bd41067ff54f08ab97 |
| SHA256 | a8da8ab75a787616b5cee2114006c82403e8b69ee2176e9862f1900845e2efc1 |
| SHA512 | dd3213ac12d1f0f1c2b97003b5449144fd8e5048546126f93ce72ad269f54a6d159e909829ea0104bd9dfb4f880d4114b5a33c91d9beb8d03273e2ed796f2c72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73cb70879043edd9f19e26d7e8dcef8a |
| SHA1 | c210e08131fc4e4625323bc9159c6bf5b49d9743 |
| SHA256 | d87ac3e5279bdee589e42b783289692bb476f57b76c2c2dec32fa0170660e916 |
| SHA512 | 4f63a2f3ff60e07bdea542da28748ef9e9191faadb4db834adc38386180bde65a0182d76f327e41b25622c8ed982d581c32cf0f5bb536e79dd4fc60eadbf78b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e8413a8aec464afb417e9dbb6f467d1 |
| SHA1 | 6281c92896b1a37133b4717514573ec39e08daac |
| SHA256 | 685b1bab17af01c8ffe013677d0abcaf5bbc5afdb9641c9cb59605c84ce09a70 |
| SHA512 | 367cc58c48fab4ee2fdea4537375ff56f1ca7e8ec511ecaf4f96645080890b6ec8400ea48acd3e8207a987f32ac47aaec122d68cc7cd4ad86b2a796052128557 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 417b641796b941619542ffe6afcb0190 |
| SHA1 | 152e394644f7f44e1e8bdedd6021aaaf299907ae |
| SHA256 | c22353bd8191adb11a8d4892aa6f51ef09ac1a9ba51fc9881562aab3b16ed8e8 |
| SHA512 | e36bb79ce96f9d4cbf89f4fdf062227a1a884f1ac2bcdad99c99c6c5e3c7961c1221918616455fe62967d8beaa105a4529318d330d9b3961906b316255eee8c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9d1692f627998ba2da3ea324286fd3d |
| SHA1 | 2756938e0457fff5b52c79f345bda59e7e3fc2f0 |
| SHA256 | 4cbe8cbc0ca1d3d2c8463e7ea7b8732a74eaf8ca7d4847a6880e897e10b09d7f |
| SHA512 | adc05be160c0590bf2b61ae306331948c7e306038d210639151c524a084986b0ca7429071ce0815335a265c572f43823a9c2a83918ae956d903ea612b02d1b8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc2c17da3a9cb84c70061a62acdaeb42 |
| SHA1 | 18a3d087ec822d28aa7be367a4c38df767679eb8 |
| SHA256 | ff37cbd9f0f1b059ff51e22f20603ab8fc2da9d1d53b4308dfb326df9925ce61 |
| SHA512 | 95ce4d6adc015a550f699ffe1e9e18f415dc0ef552fc097fc9af71fa6603b2f7661754408447b5cdc387b8abad12fb7f8020446774c99be09ff2706ea9d770fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9288078d8a4733d13a17cfb46ac13054 |
| SHA1 | 52c6e5f41a077f6074ed8d5c6588e2b812659e9d |
| SHA256 | c164e3326e2cf4353d096426721d9d98e0f50b89bab929d1c66af6c4405e7836 |
| SHA512 | 83af0fed57f5ddf594bc8e76328c7987012169617c7e461e0f41dba219116f3f33dcea4714f167140f0ffc590caacd791edfe0ce6579d3f1af28adb77c79058e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a903830fbe9cfc565fc00558ca69dde8 |
| SHA1 | 70d1a188abad3ada7ac04d8c79633606b052172f |
| SHA256 | 1a02d85a70bf956a33f6e50ca052749a925f4d39e1d928537dfeedd08d574d95 |
| SHA512 | cd05de2216d578dd61735307385e6ef65d01ac4e3bc4892211f4a8bd04faaabe4a6407a7279a755e05edfc72fa14b717af0096791d685cd80eaaef686a3c70d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | c5c312a730a261e57371ec11d6fd6ebc |
| SHA1 | 9c0fa471e2457f50f60d31cc05af216a683e90bb |
| SHA256 | c49918b49d91dacecf158cbcabd34ad27e042a5e7328aeb86e93c398176086b5 |
| SHA512 | 24eaf878b58ba6728dd33775a079e1cd21ffd8ca0bce567b92f7fa8f71a53e735d5e5aae0905e88d467aaf87eee37919709dea52c3142ea2ca55fd7ee729e6c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | d21057144256bc23c6ddafbd508d3b4d |
| SHA1 | ee7ac2f0f4aa7c75ecee7309a6e3cc85dc2d877b |
| SHA256 | c0ebdc187e343dd9a2d0d4bb388a3c7d5cff70409487e0c5cf8caf90230131c8 |
| SHA512 | bb169d2613b18de616a601dd6b2b13458d6d165dfcedcca09102d35665019cf2aaac3f360d0d110567068bfaf4fc298310f0fe9bebd3f04f441d090d00b7d8cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b4098d68e5430428759d11c2e52da3bb |
| SHA1 | 1833fafccef0af8aaf771af6571e594bc9208df8 |
| SHA256 | 2fcd7e007c59d982c4cd9b9bfa66593d3d781ab926d2107ab4eb4c23b3fcc956 |
| SHA512 | aba75d9af904551f2ec746297ee6947b85c627a34c802ebce3b4370078cc6b070eb85b44dd48c21c4cb2ffb374562d2dbaddb29443b61d9b0377d6b09f522081 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo
| MD5 | c0bb58a52af1c3c657749681c9982766 |
| SHA1 | 6e6c03f0feaafe6f48a108e1e8fb7556ec0fc611 |
| SHA256 | 58fa9aa8243e0316a1b27eb3d92c4e52b9b0545468934ea3e4479f5ff150018f |
| SHA512 | be84af420676a420de36cc019296756825f11d2c257381f7ac47d434d443548fbce736cf0bc833e41651beafabf385a27406d1e1b3e0c704403f608e0bbb4020 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | 9666d74b18f57389ee2d3dee5073f71a |
| SHA1 | 1830bc2670e616a1da1af27157159e6677a5ad63 |
| SHA256 | 6fcb1e788f9a12b8ad937172802c41475f2180906db38d6507a3af6a2b721cae |
| SHA512 | 69ea6d6080b3ac00f4c4fcf9e00c9e16bd2c3373073f7dde3b1735fabeaaed1e7f8b76113e5ed2b9df08d089ca33ec367c595312f0c2f6e0fbad364464bc989b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | abda4d3a17526328b95aad4cfbf82980 |
| SHA1 | f0e1d7c57c6504d2712cec813bc6fd92446ec9e8 |
| SHA256 | ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476 |
| SHA512 | 91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3b573e62cbff62710421bc81b0997480 |
| SHA1 | 74ca9629b90802b621a0b7d21013aa0c0b4da17d |
| SHA256 | ce821a6f6189bf6a9a65b4f79f38ed9ba37d59457c2f22b57771c835798475c5 |
| SHA512 | 7a08fb10e23b7f46d0efa9b8d731dc54e24f9edcd22d76905c95982119865d77462a198c1b4d9df6364b473415ed385b3c066d52b213d382b734b595708c0a22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c30d9889f52f03199dfb182d3c594acf |
| SHA1 | 6f5764c1bd43f33a3a70d38fed79cb5077e0e253 |
| SHA256 | 1cebbf680d1ce33248eef19f0a42da68b2a71965774e6761be20212188626e97 |
| SHA512 | f27ded259ca4bfad1c6e5e25a2769af9687205bfa48569d3b89ad26d4795d3d5acd175b8b8ec49906d14055dc6c825d7646145335217e8facfdf70fe113378df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5a4c0f3b1b4a882eada482abe85df2f8 |
| SHA1 | deb89ddb356099cdb27e7b2a709c5537a98354bf |
| SHA256 | 5e2e51e8230af264b1a343440075e615230ea50be28dc9cbb409f469237fb71e |
| SHA512 | 9722d8963c755133f3a1430f5f0f5f069ae90e59785ac51d70cbbae0d1b8d22b0c56151a0e6997121a4d4b8e7dd32008f6fe0fd87e99e1706a027cf99f0c10e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 363a58e6d06b79e2cdf6a7a5567abbfe |
| SHA1 | 28be6c44ef7a08b2de6e277daf38d66b5ae54c95 |
| SHA256 | 4ef8cb6324500c9cce8e3cb4d7ce1819f03bc6de8ee86fc81601f1731d6299d2 |
| SHA512 | 1e65496eeaab4d45571d9f0d4b63c9e8e6c8dc6d0dcd08a973b3c97f23791e4e8c9349d580b2ed790488f2f5db83989d137a9ca667f9ffa3dbc4ccfdae8c4048 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e6478d2c01141fc9161d79b917010acf |
| SHA1 | 9b61a4055464508bcf3115a2eba4f1c5c1d50c68 |
| SHA256 | 22478c19834f410095986dbce31ff4a4bfef98294f06ea799d1c110dbb11fd45 |
| SHA512 | 55934e8a4b50b732ee9bacf218d367ae59c45822d984f92664f97484b939605dee84ebead386465cff50047f436160dfc05092c1b3077fbc65727813c20eba2d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RFf77e08f.TMP
| MD5 | 1c4e28723b3d862a7cc4f8c7f9963b0f |
| SHA1 | d529b7d811bbc44e06c2c9203c811fd54b90a7ce |
| SHA256 | 4c0c458b52d8fba75db6e7b9225e61f3997b65a4b7971923276fee15cef6eabd |
| SHA512 | d47bd9aae38199572e873961b5228e246ca08ccd4a9b8124a0263c66f3dc063abc5d3c73c5b3de713c4ddf52e34e6ae87f2958679beb51c60493ad0597f6aee7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1199ade758ba9451_0
| MD5 | 0041e187bb78eead432f42888336c4e1 |
| SHA1 | d2bc5590f3b5371ff317884092907ab0330a2a36 |
| SHA256 | 7f67bbae79c414bbb2de296dc30a9e48e2e2f8ab801f42fb351eed2745f4e99f |
| SHA512 | 2bc9c9c62a04c63111415794405c5839961e5708bda56f52d627c0751bea11184750902af8df41a7367c51fe36d8514dca8efa054d00ed15eccc74dab8506eb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\04294a9e50a9152f_0
| MD5 | ed8b582f31f4d14cfc5dac0116230f22 |
| SHA1 | fd378e9a40540c5cfa2d5507c7e0837f01eaac60 |
| SHA256 | 73eb69d98ade8c632b60d1275f4450e458378d42864c453938e01d8d38ca7929 |
| SHA512 | 80d6205971a2d50e3a27064c45b05d06ea5549f988692953f505a5e107efc5e1ffc2d83655a8ff3caab3640b131423b8f72de753077eb1d0523dbee445b71f05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\777aa18d7ac091fb_0
| MD5 | 9315f6ba3f1c1ea6f8a731afe2e05f52 |
| SHA1 | 316a3b08bca1c281f84e8946f79940fae5925a7e |
| SHA256 | 0cdb63d5f45542446eb6b2a65c2261ae13c629ab95b367408473e28cf4ac6840 |
| SHA512 | 0ae5565fb1e8988db1c696e261d4beb3f625fcb079d705f52f18e35e96c9c69678c606564601b1670546c2eab96d7644ea3c0dccb15c0315b391eba0b3ff3a1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c91dea6515372629_0
| MD5 | 7c725734ae6cc00b1215ba87b52c8aab |
| SHA1 | dfa036b82572b471f822e11d3d1d0eff4d7fedde |
| SHA256 | 5721b31d8020a1e14b21652b5b38f414cabc1e301963c7f66119fb2624ed1b50 |
| SHA512 | 98c58975a8565ed61c52a746df573a1c1642a5de923d4e50aa0aa5c75ebef59222bbef14535e301c80b67be2d0337b53b13b580b0cd8fa9a5797850948ce5adb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d14d03a731593e25cd74ad568c41f8e |
| SHA1 | 4f7f46f10495d3a7ac290e7deb20f8cac2e7d4ac |
| SHA256 | 5e5a568fb81b7795c5e43ebe8ed07fe75304b91a40b7407b5bb7c850bcd735f1 |
| SHA512 | a0d7426fea3f7a330a9479f4eef4f90e87798155e5dad1b4ad25952a475602d319a43f80582501f0b6113c240811912a9e5724d1d0512d217f0ad8d718474fb6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | ed2cffb54cd70a044117aa2538a440cf |
| SHA1 | 66d1c3a97d6728eed06fde72f1628990dd9b1a2b |
| SHA256 | ec8c95ee427cd0d09fb3c30ad2e86285755bb3eaad12f6c1290963dd622ce153 |
| SHA512 | 60702eaf453c832885db5d3f50cd2d080d3ddfd539c8b8d3d819ce86d3ea6925fbcc8fdefba51f1cad85fa85b47492107d0ea4fd453c10259780cc808e0cbe7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 65c783a2500907298c074aac674acdf9 |
| SHA1 | 80a00a26d8203b56f5a69b62e53f11ef80de573b |
| SHA256 | b522da7ea82e3b7db6134c335c0d68930764a7f60c9234114485853ac8b7906b |
| SHA512 | dcc6791b33f20bc1fe31511861a7c05d2195da0248a25b7ab8310c86d240da4abf0872985a69fcfce718d14dd71b04c08b30130a70ecdeab751aebe12beb5a40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b3ff6726be4e6f9cd288ce3099148b91 |
| SHA1 | a8675cc513737c68086d79e5bb72dd5968781153 |
| SHA256 | ddbf984c1c436df15f087979883401e5a328a874a27badfea08797a21ad77930 |
| SHA512 | 3fb116cbc41f1aee5460e8950c38c7e3c361e510add2b717177c864910488c29918d1753fa5fc6dd8dfbba2cee1d37570220ebdb04138b94db5e99c1f29b72d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bca68d5fc709852b507795c229db16fd |
| SHA1 | 235f947a34d4c6b4cd9e269f351f43b9d644a4bf |
| SHA256 | a2518903fe217548553b91641d18e1885e7e19157ea2ea18d9c94bce225bad12 |
| SHA512 | bd30186d796dda176cf8d2ed57aa8b907cee0f67a9d79a8b41cf3d1a1a453b2f5498ed5aba93188ad1cb3e1e0014208e01826035c4284cc592d8b889208dcd0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 97d715c385478328bce870a07891801a |
| SHA1 | af09aed9bcca066123d0933b9c4f705672d3726a |
| SHA256 | ff04f47b3cdde56ff5697fe074c6530de9bb8c6a26a8b08799165768d5d154de |
| SHA512 | a38d4fdae7223d3f5a3ccfd5c961a2c3d19e9932b7ea9fad0f75e7c8772c2e13b57ed484299c4004582b8a5466d89dc7f901f316565d4a28714d84946c9566dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 95c8ae9f4050e70fcc3bcccd3deba21f |
| SHA1 | 0482c4a1c27e78a26e18967ba2775e07d646744c |
| SHA256 | 2f7a228e144146e7a78394d6d2fb515799fce9a7ccecac71ecac092a093b7ab5 |
| SHA512 | 82b6f7f9f13e328d8e62c0557c5f12c6906a0a1697154b4fca1c46d342f1519082568087df4ade46114a1cc2592ce4c2cd15c0f8a6f007c53064a9ce0ae3c3b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 2ef3f4547f9b4be6b74436fb2b9fb036 |
| SHA1 | 9aafd53b1ab902ad22b1d7934d7182ecce88298d |
| SHA256 | c0b9b646668bea527581baa78ebb3ef8a51fe84498454dd454ed26cf6b074aa7 |
| SHA512 | b62001ae7eedcc11f004d26766c7d4fd8d23fb97e6b70396ac3647314569b26486ed1c244fc2c929f6c4fa92e61dc354eff1d37c6989e605a9293f1c29113f39 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry
| MD5 | fb4e8718fea95bb7479727fde80cb424 |
| SHA1 | 1088c7653cba385fe994e9ae34a6595898f20aeb |
| SHA256 | e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9 |
| SHA512 | 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry
| MD5 | 2c5a3b81d5c4715b7bea01033367fcb5 |
| SHA1 | b548b45da8463e17199daafd34c23591f94e82cd |
| SHA256 | a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6 |
| SHA512 | 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry
| MD5 | 383a85eab6ecda319bfddd82416fc6c2 |
| SHA1 | 2a9324e1d02c3e41582bf5370043d8afeb02ba6f |
| SHA256 | 079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21 |
| SHA512 | c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
memory/3008-1260-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\153531727981350.bat
| MD5 | ab68d3aceaca7f8bb94cdeabdcf54419 |
| SHA1 | 5a2523f89e9e6dde58082d4f9cf3da4ccc4aae26 |
| SHA256 | 3161fdccd23f68410f6d8b260d6c6b65e9dfb59ef44aef39ebb9d21e24f7c832 |
| SHA512 | a5de5e903e492a6c9bcf9fbc90b5f88a031a14fca8ee210d98507560290d399f138b521d96e411385279f47e8de6a959234a094e084c2e7e6c92c0ea57778f64 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@WanaDecryptor@.exe
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\ProgramData\Microsoft\Windows\Ringtones\@[email protected]
| MD5 | 3f0a07e26a7b3ad3afbcc9f8d9b38fc6 |
| SHA1 | 7a1a5f9122246a30d92791132681a420e469d840 |
| SHA256 | e5abd001186eb616a737540c1969a0f938c3bcf872f7b10581a9b8ad802b6765 |
| SHA512 | 8a281cdefe8e2ec7dfeaa35f817933033f0232692db1aaf3e2aa450ec17400950f90784254e82cdeefebfc63a59197f7aaf3f352af6cd87d46449ef6d8d12aad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d2bf47986952f23e7b6588aee9fe9ad |
| SHA1 | fff946d4cd4830eded8125150b8bbd60b1ed8d80 |
| SHA256 | 754e424083f7e1bda7362872d00cf5485db4279d1a4867ee474875f343535923 |
| SHA512 | 39cf6a6439ed93e93cd68db3099ee9b1c01c89b18458278117e1fe28b0748c5fa2a3ca216c4854e89efcb5e49e0356efbaf5123883b08fb1aed1943041ebf437 |
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/2796-2167-0x0000000074240000-0x00000000742C2000-memory.dmp
memory/2796-2168-0x0000000073FA0000-0x00000000741BC000-memory.dmp
memory/2796-2171-0x0000000000CD0000-0x0000000000FCE000-memory.dmp
memory/2796-2170-0x0000000073EE0000-0x0000000073F02000-memory.dmp
memory/2796-2169-0x0000000073F10000-0x0000000073F92000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1b8a8e6e741cb52728f1aeab5f1f9a90 |
| SHA1 | 1ff88fabc23732894a479c3de41ce8adfd22e4d5 |
| SHA256 | e50725b01512c5cf27fc9966d84b69e1bfb38df9ecd40aacc3efd0ee28133b28 |
| SHA512 | 9868934e4ff08a5f52f932f91bd1a231036ba2e85cbb337d6d7490dbdecfcb7e85b26d3cc7f909f606e108defa7608a1cd73a435b4526deb45beeee7f475da8f |
memory/2796-2184-0x0000000074240000-0x00000000742C2000-memory.dmp
memory/2796-2183-0x0000000000CD0000-0x0000000000FCE000-memory.dmp
memory/2796-2185-0x0000000074990000-0x00000000749AC000-memory.dmp
memory/2796-2186-0x00000000741C0000-0x0000000074237000-memory.dmp
memory/2796-2189-0x0000000073EE0000-0x0000000073F02000-memory.dmp
memory/2796-2188-0x0000000073F10000-0x0000000073F92000-memory.dmp
memory/2796-2187-0x0000000073FA0000-0x00000000741BC000-memory.dmp
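The rows above are the raw evidence for the two things an analyst pulls out of a report like this: TCP connections to bare IP addresses with no DNS name (the Tor peers reached by the dropped TaskData\Tor\taskhsvc.exe; 9001 is Tor's default OR port) and the hashes of the unpacked WannaCry components, separated from the Chrome-profile, CryptnetUrlCache and Temp\Cab*/Tar* churn the sandbox's own browser and OS generate. The following Python script is an added example, not part of the sandbox's output; it parses a constructed excerpt copied from the network and file tables above into that IOC set. The noise patterns and the "component" heuristic are the editor's assumptions, not something the report itself states.

```python
"""Turn sandbox-report rows into a small IOC set (added example).

Assumptions (not from the original report): the report is available as plain
text in the row layout shown above; SAMPLE_REPORT below is a constructed
excerpt copied from this report's own tables.
"""
import json
import re

SAMPLE_REPORT = """\
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| DE | 134.119.3.164:9001 | | tcp |
| US | 154.35.175.225:443 | | tcp |
| RO | 185.100.84.212:443 | | tcp |
Files
C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\c.wnry
| MD5 | 383a85eab6ecda319bfddd82416fc6c2 |
| SHA256 | 079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21 |
C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\TaskData\\Tor\\taskhsvc.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Local State
| MD5 | b3ff6726be4e6f9cd288ce3099148b91 |
| SHA256 | ddbf984c1c436df15f087979883401e5a328a874a27badfea08797a21ad77930 |
"""

# One network row: | CC | ip:port | domain (may be empty) | tcp/udp |
NET_ROW = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>tcp|udp)\s*\|\s*$"
)
# One hash row under a file path: | MD5 | hex |
HASH_ROW = re.compile(r"^\|\s*(?P<algo>MD5|SHA1|SHA256|SHA512)\s*\|\s*(?P<hex>[0-9a-f]+)\s*\|\s*$")
# A file path line: 'C:\...' or a named pipe '\??\pipe\...'
PATH_ROW = re.compile(r"^(?:[A-Za-z]:\\|\\\?\?\\)\S.*$")

# Editor's assumption: artefacts the sandbox's own Chrome/OS activity writes,
# which carry no information about the sample and are dropped from the IOC set.
NOISE_RE = re.compile(
    r"\\Google\\Chrome\\User Data\\|\\CryptnetUrlCache\\|\\Recent\\CustomDestinations\\"
    r"|\\Temp\\Cab[0-9A-F]+\.tmp$|\\Temp\\Tar[0-9A-F]+\.tmp$|^\\\?\?\\pipe\\crashpad_",
    re.IGNORECASE,
)


def parse_network(text):
    """Return every network row as a dict (cc, ip, port, domain, proto)."""
    rows = []
    for line in text.splitlines():
        m = NET_ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def direct_ip_connections(rows):
    """TCP rows with no resolved domain: in this report these are the Tor
    peers the dropped taskhsvc.exe contacts (9001 is Tor's default OR port)."""
    return [r for r in rows if r["proto"] == "tcp" and not r["domain"]]


def parse_files(text):
    """Group each path line with the hash rows that follow it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        h = HASH_ROW.match(line)
        if h and current is not None:
            current["hashes"][h["algo"]] = h["hex"]
        elif PATH_ROW.match(line):
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def is_sandbox_noise(path):
    return bool(NOISE_RE.search(path))


def is_wannacry_component(path):
    """Heuristic based only on names the report shows for the unpacked
    archive: the .wnry data files and the bundled Tor client."""
    p = path.lower()
    return p.endswith(".wnry") or "\\taskdata\\tor\\" in p


def build_iocs(text):
    """IOC set: direct-IP TCP endpoints plus SHA-256 of non-noise dropped files."""
    net = direct_ip_connections(parse_network(text))
    files = [f for f in parse_files(text)
             if not is_sandbox_noise(f["path"]) and "SHA256" in f["hashes"]]
    return {
        "network": sorted(f"{r['ip']}:{r['port']}" for r in net),
        "files": [{"path": f["path"], "sha256": f["hashes"]["SHA256"],
                   "wannacry_component": is_wannacry_component(f["path"])}
                  for f in files],
    }


if __name__ == "__main__":
    print(json.dumps(build_iocs(SAMPLE_REPORT), indent=2))
```

Run against the full report text the same parser yields the three Tor-peer endpoints from the network table and the .wnry, taskhsvc.exe and batch-file hashes from the Files list, while the dozens of Chrome and CryptnetUrlCache entries fall out as noise; the `wannacry_component` flag is a naming heuristic, so anything it misses still appears in the set and only the flag is absent.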
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-03 18:46
Reported
2024-10-03 18:49
Platform
win10v2004-20240802-en
Max time kernel
92s
Max time network
158s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe
"C:\Users\Admin\AppData\Local\Temp\RobloxStudioBeta.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |