wannacry | hxxp://google[.]com

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDE6EF.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDE6F6.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 13 IoCs

pid	Process
1752	taskdl.exe
4952	@[email protected]
5292	@[email protected]
5660	taskhsvc.exe
2696	taskdl.exe
3144	taskse.exe
5284	@[email protected]
5180	taskdl.exe
6004	taskse.exe
1572	@[email protected]
4224	taskse.exe
1936	@[email protected]
4108	taskdl.exe

Loads dropped DLL 6 IoCs

pid	Process
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1948	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\xrozzleb373 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
225	raw.githubusercontent.com
226	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133734129988909442"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1988	reg.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2796	msedge.exe
2796	msedge.exe
2028	msedge.exe
2028	msedge.exe
4356	chrome.exe
4356	chrome.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
1296	identity_helper.exe
1296	identity_helper.exe
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe
5660	taskhsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe
Token: SeShutdownPrivilege	4356	chrome.exe
Token: SeCreatePagefilePrivilege	4356	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe
4356	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4952	@[email protected]
4952	@[email protected]
5292	@[email protected]
5292	@[email protected]
5284	@[email protected]
5284	@[email protected]
1572	@[email protected]
1936	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1360	2028	msedge.exe	84
PID 2028 wrote to memory of 1360	2028	msedge.exe	84
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 3980	2028	msedge.exe	85
PID 2028 wrote to memory of 2796	2028	msedge.exe	86
PID 2028 wrote to memory of 2796	2028	msedge.exe	86
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87
PID 2028 wrote to memory of 3036	2028	msedge.exe	87

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1584	attrib.exe
5740	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa302e46f8,0x7ffa302e4708,0x7ffa302e4718
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,5376131663048776288,9637395266283366127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0x70,0x124,0x7ffa1f1acc40,0x7ffa1f1acc4c,0x7ffa1f1acc58
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3388,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4612,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2840 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3836 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4996,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5340,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3264,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4020,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5224,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3252,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5432,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5576,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5652,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3532,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3136,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2700 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,14804586492770076225,16482591066689556575,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:212

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:2512
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:1584
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:1948
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 310021728939597.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5820
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5884
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5740
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4952
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5660
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5292
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:5452
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3144
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5284
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "xrozzleb373" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5936
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "xrozzleb373" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:1988
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5180
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6004
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1572
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4224
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1936
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4108

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5436

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
1KB

MD5
27524725d30bd2240b0b6b207025cb02

SHA1
4ffae5760f5ace30a2b382d1b4da002c4c7cb285

SHA256
a6c259b1be8f6c0e02522b1bc6f361324c9fd44354c0f9521005bc2da6363e78

SHA512
0338ec23aae2510604dfa7632382416dfc23c2c130e3a26b5da303e50bebe02d2cec07057cb40c1fb407108fdee4122b0c1c1a45cabccc7537caa3e7b9ae8738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5c3ace74-6589-4230-9472-f92f7d8cdc12.tmp

Filesize
228KB

MD5
fd8d86dfb74044a252c9b910f1eb1e7b

SHA1
79ee451aacb1ad31f8cfb57a3d7c84bb88c63cbd

SHA256
f0189c55758f8ac36db6239623db20d7928501d3857205c7c83c7fc4193e8bf5

SHA512
04894cf00df1734e2ff6a85318fed99c38cba24017c609ff6f84d9d03e1de0a188161232ed73adca48b0c47ada0ab8a8e7b817ce172862a34f61a10d343db619

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7b38d2e12d93fececab92604e1a19023

SHA1
2f11c86eb1151914ecb98ee8ca9f163376382e07

SHA256
efa93342867d0178943bd67fa61a34d91e17f2e0a7b9493d2d62860947bd5970

SHA512
d9769d678dd6f0ecffcb38f8e5ac3711f039bcbea42cb9d34d1068e1f50614b0e2dfc61ac61469d4e537de506a689b69b39ea6a1a923b2f8b72746b55c085f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
72KB

MD5
2f6f1f80c4ed1fd57f214bf40a885a57

SHA1
0287e82d5044c01ea99f69ab02673fe8262bb9b4

SHA256
422596b36956a2800b4dbdc3c81acc6e960c73bbc373653a471d713ff7098d68

SHA512
06fc97aa33a16b411d601f61b308c5e34f984eeb10acb752dc909b591feac285c4ab313571c70e70d2a81441bac1fde4272fd4536fc2f13ffd683d8efcc90129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
419KB

MD5
950b171fd6e6969051dde32fc96593c4

SHA1
05f50ea34a638c560b06ce7fbe78c1a3fe7925a7

SHA256
7ce97a30f89bb2319101a5e45928986420af45eb4a09b2c0054b25cf97e02ac6

SHA512
8e3d65489b28eb959f0e94920bc0b77465d1dd7924a1fd6c12a81856a6a75a012d11f7bf02e34e0c475c8ddd423d996161b6e9492ed7fe597751e562334f9e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
37KB

MD5
fed3d674a2f247d846667fb6430e60a7

SHA1
5983d3f704afd0c03e7858da2888fcc94b4454fb

SHA256
001c91272600648126ab2fd51263117c17f14d1447a194b318394d8bb9b96c5d

SHA512
f2b9d820ac40a113d1ab3ed152dfed87322318cd38ba25eb5c5e71107df955b37448ab14a2779b29fce7ebd49cc0bbafbd505748786bc00cd47c3a138aefdddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
20KB

MD5
a6f79c766b869e079daa91e038bff5c0

SHA1
45a9a1e2a7898ed47fc3a2dc1d674ca87980451b

SHA256
d27842b8823f69f4748bc26e91cf865eceb2a4ec60258cbca23899a9aef8c35a

SHA512
ed56aaa8229e56142ffa5eb926e4cfa87ac2a500bfa70b93001d55b08922800fe267208f6bd580a16aed7021a56b56ae70dae868c7376a77b08f1c3c23d14ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
19KB

MD5
7eab02c9122098646914e18bd7324a42

SHA1
5e2044e849182f1d3c8bcf7aa91d413b970fc52f

SHA256
d58d66c51a1feb9af55ba4a2dcf2c339b7976dd011fbd5d071ca86b9d7f58a42

SHA512
dbb0f94de62d7d77d4bfe6c298043c559a0d4bc117bd7dc1d627caabffa8e712cec5e3adb4a737b350429493ac0ebfb81c8759aebed41b30218d0e7ff6f3196f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
59KB

MD5
02240241c502c60a601fea4d1ddf616c

SHA1
654602ee1bbdcade5912f9b727473f592ddc3237

SHA256
2c57c29f743821138afdd7d3e75f38f4b3912f60bb7a3c5e0170bd79adc1709a

SHA512
8b135da031724d41b7ed6fc4e6b78568c915f900a9ad35f09f98cdffe58d0f1e611232b46c78c1fc0eec6acdbaff1822887e2cdfff2ffe6aa3f5fd897261b62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
38KB

MD5
bf95b000a1f52c689cebc5fa260f201e

SHA1
ebe21a68dd7d8321b540757f246ed6e10a18683a

SHA256
0abded4712a9ab59e84a24ec40179ed475eded446a082584d22c2f7708db6c40

SHA512
151752d4174ff487b3895535521e38071a729e7853b3b2605928b14350ff4106d2d73aae14f7c9a69843d417648a2dfcb9b295a254391c18d99f354c39e8c32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
19KB

MD5
ca39c956585ff3441ed99f219a95908e

SHA1
c17d8ac3a1fa156abb4d7d6f4799bbabc09966b1

SHA256
c23e03e141a70b1967f6d62a272ecbc588655211752e250f9173bebcc61127df

SHA512
57b5cbce513d2f1c698e4ca82cb9b2ba1c26d7b80f21e4efa77493d0053943bd5a8eaedc3dccb23192c0145dc411a99a86356777e95afa78ac616ce3f5189a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
99KB

MD5
b6b2fb3562093661d9091ba03cd38b7b

SHA1
39f80671c735180266fa0845a4e4689b7d51e550

SHA256
530eb1f6d30ce52b11c3844741721eed669decc69060854ddb6666012c6e9e20

SHA512
7c3f88910bb87eb58078104290d0a6fc96bb34705974bf93e6dffd928160a9f28e34d879f015f0a05754f56aeacc462e27ba3f332e9dddd6e3879c5d97db5089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
16a7b2bc701125a5534ea06036b5368f

SHA1
7985053182528d25ba42368047c04ed717ffaa0f

SHA256
9be9391a602327dd184ecac39d44381fcdb68c68ac8a7c16bda6f8e59e2c5edd

SHA512
b3cbf601b3ae264a82446d0837392ec363ae6ff36920d7d5cd2977a478abc059e18bda649415384637a3dbed4e5fdd17df2d501aa7960ae2caf2c0f389f344a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
449f1901a15fea7fd37389dc70176b06

SHA1
869a9d000384cb4a32938ce9daa72820f48d25e4

SHA256
e263d204d396b4658df02a4204c9600b69859485e6cf78a87c354d6857b29613

SHA512
c87da774f5d9434ec1ca1fa203357a6156c31188e67d515edf0211e76846c22201477c28256a2d76cecf1f254a2a6c34b4085f8029812e03ecd252ae5b8e75e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8b2551dbfcc3333ae9587453a94168c3

SHA1
3f030c501d4ca59a7adc704259530dfc4f577d85

SHA256
716e5cb15438126be8dff56cf198a8b97723466555ec06f43053a5867c842300

SHA512
643ddd136430a2151a16f5f17885cce4f50734f31619d219937e320b2a610698ba5bd9c78e56718cfd366fafe4f951f43d88ee98e088068a4799ed3306ce6837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
afb278f29c097ea73665463ea862185d

SHA1
c9a0c8bb71ba46126472739c15224deff4045715

SHA256
7b7f8bb19c79b91d31892009b342011be7e4b4a73e2a3522c852e24f8b5f1fb1

SHA512
a924207b1b128783497acd290eb6e2d242babc7c4790722e54dd01d931aa62919e32253df25187a25625bace1db484ee2f64d0c632d1ac183341a11f91063f31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e5944f84e254047fac635c705fa655c0

SHA1
1649baa8ac1a7d84c1250f8b2413c45f5629f44f

SHA256
b4aff51a8efe7d9aa0480cb45e76c741def0b2b4c31de645f61f07e76c52e7de

SHA512
d9b285b6353773855710141e921a9ce93fad7297bb0c9fc9a8d28ca0e2f4d2b17c990b7338a4546d4628193f3f50a0e892da18d6daa70a31354d85f891b677da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7f2e293ef0aba6a39aad026735c53228

SHA1
d326bfcb1dc80fd2ac031047038e18af4f486c17

SHA256
795cce2674a1a2b30bed0612da1b6d9c1a44afb593b1f995b464115fb9b5a702

SHA512
36b6f19388ab10f5070828aa5ec9f6cb55bc5638b765b5fa6c1c9bcf7e57a0274e81b326d520b961ecb01f4ab1ef883b6fea81365f15cafe80f7e3d8888bdb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
779fb1fe5301857304537698da90d4bf

SHA1
04f08eb19e85fba0b62b732fd5f0c28d9502d42c

SHA256
48252da0720031468cd584b03946e5c4e8d5757578e52549634ab584ad5731bc

SHA512
3df3742f14ecd04d7630237edcf618bd0c528dec6abbde964bf3a1bc5aa579942ebe5c9e26b9d8024b624a5b3ae05f582d9b2c15e0a18d31ce957c4c2c652e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b9da7316f46e4ab2541192d61947be5

SHA1
c14a7668539fe1679635c0887b90949bc5d2191b

SHA256
ff447def6706422793ebd0c6a74c10fea6273b10d1128f4d9430ebfb903602b3

SHA512
e94368669d6cde1088ea08c98d29996d0c438e3ec3e2a6fa357dbd38fff691ab6662af5d0f63e5055e0cc2dc5bfb9770b1bb73dd0a5d8e33876cf3f4158f0223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bcf77f054b1233ec1fba05532ccb8da3

SHA1
f6dc1aefa371ad9c292ca4ccf843a9382893ea2e

SHA256
b704dc94c422fd4869c0c862c4619077d8b3e74ea144906cf1fe82b4f6cfc8fe

SHA512
5fa7909d8e4520c285f2b930065abc4c795a7102682ad74c6b6d2a2dd8c9014253f849e84ce798d1691b955a45bc0b64a4c91a011c30073d135c71cd7971968f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
375fc99afd2135e24833471b41d08f5c

SHA1
a23dbb2133009a619828968a0a46ea62e4b182ac

SHA256
ae0b9f4b139850a4f171b6e0756a1cee229dd21ff362057dd455990dd94c0b7a

SHA512
c1912e2918ebefd69e97b9673a657610978ebc9a0e3f70f54972b8738d98a1766834677597db95a82c9e20dcb9aae2c2a2828fa0797b4aaff6fb7216886a0693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
238a144033ea01ce620942b4b74fbb97

SHA1
f881580e6c06474cf910ce5c1a6f9cfb0e421f77

SHA256
ac59c8e95b0afff5f22274affe4cb77d8f9bcdedbf909719ce551a08a94664d4

SHA512
082cb7638683a20d8845e992159bad54dbdf29e788ee7587eb9c7e48c5fe44e0646e3215f5856d8813f1a0ed54f2313281402bcea0acdb5362ab7652b942ae25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12e2a27734477229fcd3b97cf4ae42a5

SHA1
3961cf630d016ac9b317cfed8cf71b049f1bcad7

SHA256
a7ad91df41795e3afb1653297f2623cfea25a71b29ac8cf41335ea1dfe27ed81

SHA512
6828e412c931003fc2881f20427e5936a6ec4ae7e737b090e453dbcbf598759b3a4bdff551112e11443e428b9342181d0ee2d1afc3255ed9e9139f76acbd9196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bcd01eedcbaaa628091b033cc44e0bfa

SHA1
4e7f7e719a6a7794500e1659d7a84230f674acbb

SHA256
de5c105994b79b5002ad459967204c50f062f6d18c2f6c42d77a9389ec5ba0a1

SHA512
564ffe6ddf788375c4133513cc82fe281deb985bfc7a763538c88b3700459064c5c5aea94190755927d97dab786a503685b4b42b3b6eb676b587923fda57a9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
25e85cf84345c1e5d46c0e474704d56d

SHA1
0ae615e4c03f83470a8ef2bf93a29c48fa438280

SHA256
ffff7714c18aaef8e222e712f4115bcf77c9d3d0ad6e54cd6f113e5540ca40c2

SHA512
4abd0ae74d32747fe6456ac1bdeb4eb6882d32aa7aa4e308bcf2dacdb251f8da7a19509dbc43a728d6a1478715c62df150aa30c01d5eb64b8386eef145cb954c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a91924077cb9e3e1270859795a177e5

SHA1
a7454ce9bd39f5ae3182fee736936f4c4df465de

SHA256
0f60fc221621d287fa7ce97748dbcb9516ebd10f242f6a5e4d5b2f0c49757dc4

SHA512
c430602eeef5df48ca18f305c80af5ecda32bdb495b1802ea0994f17667ac360fa0e1e63758e45fe219dc37499712909ffd4b36f1bb4bb1fe8ff5176679c2cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
05f511c6465db1e4211be7e02339ec3c

SHA1
77f54b0f1ac3930adaa1a6d98c7cf37a995e583a

SHA256
42ed7eaf93c74e9285edec1ca3111cd04251169b136e8d654b7dbea913637f4f

SHA512
4ea0209d8d9f5316089a1e71130e021e828678b21862430f70a6096400d04e6729302115f8339da9fd15a46d43ea16840b9b7e874c4d0dacabcbbc285a850814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a3b99d2e4c8a751ff8fef082d6a07e1e

SHA1
853dbca9c5e3e1d6b61b3805cbe014d2731f3af7

SHA256
30538759d8fc1f328bf9b0ab558d01508f4bb46fb1b08721dff50febe1ac8d84

SHA512
a4340c0f8d4652fe259a6c00c1960e34c1b739071c25bf27ed8a0f15f7edf2ed3ba386dac7b097723d9bf343c5c8b686aa71d68ba22d424274fa87003ad9ab48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b75d35e7ec18f950c62e9680f23f574

SHA1
2e9c7a1300bd0e8160e2713147114656b9d9e666

SHA256
41656d43fad405a46eaadf53e91db6a8731807f3a0b446f0ca7a479bd5f06532

SHA512
18aa741c49954b9782ea26ad3c4e60e73ccd85861dac3e94ec35ad4c377422e67dcacd27adca8e40abbfe64cf6ff224bf358b2d7968986f62f61aba7713368b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f426200bca8b8140aaa3e7f2e7d448a4

SHA1
9a01e6d0a243a7bb0fe1d9e6b8bcecf84e9d5543

SHA256
28f304b17b23f55a66f40c65328edf323bfde8b7e8765b480515a25c67a35ed7

SHA512
6686e6a9f064466e69c4d2af0764e4a4deb2ee242cc6fb194c7e633f6f19901658077baa198cd97baae69ff824ea6106f854b533b9e62a8cf6d8efcbbceef456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6664edc411350b50e1c0137f2886db8

SHA1
6e7e3d2457ccae8693ae2976d5205a36b68261f1

SHA256
fa2b2d03b8871a7858e5fd2e3ec2a8b7b7a687104a526c3473bb29b919d32645

SHA512
cfecea243a7726d9d83b0b3b1558f47f72f179ae291715a2ac2224c4589d9c5679859fd976667b30e0f7a81c6bf05ed9c7509b6651c4a00f27d069fb4b0c50bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
48cc18a3955709f85488471acef25ee0

SHA1
ae37bee7c9005d9e7954cc006c318f4dd34f0d60

SHA256
fb7fb53bdd5f66b9ab5e25779426e69e5d246c60657e0b68a706d0b85c639923

SHA512
6f777b525bf1f1735c991ce614ee91ce4dc48b89cf0ccab6a00aa9d8b5e2f43e6d044724cc5ecc6c32e67eac5f7af141997c0cb8bc315939e2e63851a53e85f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61b2f9e91b67b382b3374aba2a60562a

SHA1
4044c9d1377b03b865ae3b366050d5d6b35ca598

SHA256
68ed118bf8e6a1a956213507745afa6f98d11830bff1a3c88499417f35b1533e

SHA512
0275896d3487a9ecc21db9162cd3e5ba344038f3dbca3b22df71deee62e13612c715a4a51928e2eb18709d1d43206edd21e9abf776c472a41566c7670eeb330f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6b14c032d5dfa254d70e9fb21e9c0ed

SHA1
ab6225678e8323705df9cf28a8fd40e5bbf6fefe

SHA256
e6a696212da526c925caf05876110641afc14429d52bc0a07762f4c57a7412ad

SHA512
99c28aedfccf687a81330eb95d494cd736857444d6e03430fef0b9af713ab223ef803b9c501d54eecdb72fdcc8b93211e94447ae6412dd1dc46b611aa35846b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a245cfdacce201d0fad137ab23a6a3d8

SHA1
fc858a1ee9f7bf0f18261ccb361d9bd76219805d

SHA256
10e0ba6354ccf450d2904553df8851645ea75f5ccb25c1e3060490d0ab471ba9

SHA512
9f3d7b60c116e39c5c8bd500be9519020dca0b89ceda210cfa5d1bfe011a942a610f304c73f19ea94e3e17941402d6dc8ec47fe894b4eac3bf1510525d2cf36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43d18bd440011a81d0819c35405184c8

SHA1
8f82539a805615281804d9ed6291b765d8bec241

SHA256
222242fcfcf05a983e80c46e092595fd12af021be67ed02e5e5dba9444f5fb41

SHA512
c7576aaaee43e10ca645454a027c8abcdc258940148169be4fcfe88c2f65b8b28c48f8fa65b47ac888b77e9b01331b90c4eecff03561dfda8daf15d63d5ba81a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fa4c8736c09bae482a38ae52224f7d8

SHA1
7ad37eaf94e6414a60472d65c13154d509348b47

SHA256
249dcd89a7267a4560adea492b767503139f5a50566d06a58ff84ef752456369

SHA512
22c575fc99982627c199f24effc5215efbc66594331ba33aa3abca959e99143a584df32dd83e879e10ab1a465feaba19ed683eb62e7d05c12bb23f9ca8e8e703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
091ea58a40086ee1c4f8be2ea8420582

SHA1
f94ee1d3cad6cbf4d22a1b11cb4d25217197ce14

SHA256
c5e233c1ff8883d1c872d4dc6ae51d099b7a44d7bea612e3f9e905954e5fd49d

SHA512
f01f31d75560e0c591af544b0a8394e7c763f6c24a32e421ddb69baa959758b785fc15e53226f4f8a1f65201bf99930c9d5c059fb7b22cbc52e704b7b29ac1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
436e48d7757d5122bdc03722a1f222f2

SHA1
c4c37efe321fa6974b1b66dbf43ea7bab45e30de

SHA256
3c670df650a3b5483bc95dd39cd30ed502ecd892f808a7d8393f71fcec7f106c

SHA512
f091f3a33acadc688aa7b86c07041253ae270a97f771a9d4240ea27fb95ce7bc3118d33de6eb64d1f5f0ad7021e512478e4014eccf799497d86e7039bcf01ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
915b4b6c8ae31ac078ae7fa4a034162e

SHA1
8eca7d3021f1d92f8e1b395e47a86d0ba30ab735

SHA256
bd18c783f4b06c9e0da26ee0950ff45969f3f1b90a531bb5199827ee7e2bc9fd

SHA512
45f4cadd45ee2a40ad943c292d4a5d6bbced6d7015232149ec651095a90c9e521f6148e708f799cbca85793af3e9396fcf9e3b490c40b9fb726cac994d62d0c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6766bb104065c4fcfe8e9556970fbd1b

SHA1
58b62e492563207e7e0133fb454512fc0ce6d0ba

SHA256
245db434924fbf6d5f4c3b8111cc5f175954e021b9b39ad2ed185d5414a618e2

SHA512
7ee12f4acd311f7561539078ff4560d976880eb82f9d592928c09d505d2c459a6a6bf4245dd89a0eac876e5f152b8a62a49364333578315512cbb0f37a228696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec9729b71ba7558c952ab1d546f972d2

SHA1
1f2a1564a43789569347249ef5b25861fe200a53

SHA256
ba261cd3142e353a015dde61cc8a561526b3ecd7aaf2668cb0246d2f7b2e0c02

SHA512
627295b7aa800abd238efaa0bf10823ed5d7ec89e3e7c924aae5a47acadbf7c23d7789096d4f41f29df1a39e8c9e56b23976d410dd8a3f61c999da6167da0516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b61f440d828f2336d6ebfd307557aba

SHA1
b5dd92c3e6e3be5b69bb6cda873d67846f3cf3b3

SHA256
d8f124b378cca297173d16660de1e71ea04736d66c56450314d83e64f919c124

SHA512
94ba82df69927804c5f74a81c2b81494d2cda625dc25afc719dcf225bf8f4b2c6fa999aad53c22d56d199f2c816bab242623de5b971964414d07fc322e83a93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20a519627b16dc2cc678f316cf8284a9

SHA1
126467c3fd3e7b16999a7f5f27328c098ec1d0ac

SHA256
1088def81021290798c01ce3dc3c5476311edce2e2a0574b2384ea8e4cbf9560

SHA512
0fa99370fe146613c29ee3431774d4e92550983a7cb3c25f8f37fef1656549f20ef6fc6ac4b9a6b15fee8d1945f13390dd3e90cf6d0394c435508ea5de8750ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2be8d58d700bc4d53fcd0218b427cee0

SHA1
fd24be5fb64432b72c3b907cfebd00c91302e29d

SHA256
59421a7e0c393f76b196a29c1ad671deec2542bb2d913dbfdab1f009aa9ab518

SHA512
de6f93274f2ef88dfc5c10bc10a6241a1e04d03f86f8da99bc54adfe93936530972d9f595e844213f228e24ddfd446cf8702edfa41baaf9e5fe0f5ee31756684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ed4a5837943fe21d79bac843d60e070

SHA1
58f048210709114025fd41ef110a578e473cf55e

SHA256
272279b082ca92d7d8d9abf38566f185c9db8b439e1673f8b22b8fdb9d0aedbc

SHA512
4503e6e5d6685ec5a65fee7684a454f1d315ae385df196babb21da2a44f02b69ff3f7f870df52287264a8314e45cc7efd1bccefef66bfc914d2f6d8624e623ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
28dc75630b7a67e60b34622ae9ee1065

SHA1
3d639ed6faed3966cc60ecbe4578ff76a3e42011

SHA256
d78ab2c96a8f44755ef5a5ad370ff24b6fb25097dd4f540d329e61832c238db5

SHA512
0840082195a380c41c8fb5e27e90c9b10915822b63bfbd2f1463879bedd17761afb699dc88c5aacaac715ee96201ee90afbf340f1a10be5cd2f0715938a5785d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c220d1ab2113c03c21d9c44611d9ac05

SHA1
5711aa7c631a8bb25a2681f26adf54081e1348e0

SHA256
dbd7d5ec55112400b84269bb3a8b6494476a971941439c466716f7645ca53c7e

SHA512
82578b76ceee7827a0cb9281b30d8b478b9f1a5e05c6749fe74810015adfb94fb2137d0495ec72c3837aeeef7ebac529d4be267f3c40736e21f1c44fd57388c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d59ade47-a45b-4c22-aecd-b8297f8f64db.tmp

Filesize
10KB

MD5
cb1cfdb24fc95ed5885044532202522f

SHA1
ed24f86e5a52e9b8c0851162eb17c3c8d7ccd1e2

SHA256
5d0fa9b74b91ca66acc6120200baec9c8296689bbff4a75a07a06fe112bc49fe

SHA512
fb867beae36c3b1084a5f7c83adc727c7b68282124334e06c432263cb1b43d772134e27e871d0039a406c1c01b57651e52d4339132b536c9f894a1ec427f8140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
62c25c9100ec9b238cf72ddede951ded

SHA1
affc335e09b675aad646c57e162a893f6ea4c751

SHA256
d39478237e231f7adc3663f57a9e7cb056867b5be6dfe550eda96ae999e7a4fb

SHA512
db0bd551b1fdbb1fbf0a8090f556b67039ecd6cd5b588454b4164fa86e673ae88752ed1a4ed41bb10d66fb506a56c741e954d394a160c18e5544cbf01107737d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
40f3335cdb590126270f73ab348d1dfa

SHA1
72b7345c73fe8d760b39bd01ab6b18d0c0ec564a

SHA256
8e0a00e2b7074d32a3c51a8d7724cb765d2a5a01fd29501640eaa3e6c82f569e

SHA512
ffefad8efe6741012099d7658353232d5d3a6f81bab262ace4bc298fb737b515b46930dbb5d80028ced63e43cdddc9ae3b5204794caef066b7732d20eb98e0c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
a25dd2356a8dcfab298bdb257ea31dc1

SHA1
cc58877bc47ac89951eb844923d1117d3a3894ca

SHA256
7fa41249742266f07b9d8f90a3963a06777cd9c3ef131a39e3b145b2ce260c56

SHA512
debe3515ee91345c6eacf153af86d538c42040e749cd85ed2dc925a8e8e202c2a154ede69527e900680121d84725bd3676d79282b1cf50e4923d8b7747a42d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4b7d6df8e59cc37cebc34ea7ec9d2986

SHA1
027f42386b37b5972e0f8d19f295fc123f52a935

SHA256
73c61a96c6304627c1e23a7ec394ea679a32757f67039cb3bd55b7398e8e82a0

SHA512
ade9fcd56cbb7a5c7aee5cb2ad2be6775d6091a0a2c8464d770d71cec502b202d44a7570469a8e0da27b0b8245660c4e98e61a9e17ce0c547ee202fbf4cc0972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0be4c85966c36165e2065ce901be8bc9

SHA1
20d0be4d26a07facb7278bfa8a5366cdd91b2dcd

SHA256
fdf5e2b25ac52efa187895302d2be8faebbbfdb885deb8809ce73ed7b2f45ed2

SHA512
b26c926d0f157577815dd64935e04c7c9a558f077e16a903c147eea66720ed4a120b3f5e14bfa8b72cfe50ca7f6a54cd9634458ce900cb67a7a661815b222dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
baf7aced15ee394dcffc1ddf953eb6d4

SHA1
4ab246ac18f1246a4e11435b544847c8a6ab3c8e

SHA256
bdce87fd99520d1f39c7eb4f68621cddb57b05e131d7ff4393dfb0d2318d4f70

SHA512
ddd2589b9b4899d66f650f35383bdac4986c9c6482670b8b70c0b6ef6d9842fee55a95c40ec6ecb25147775ce21881baec3c5507a105be4ba20def41750b35ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f49af88341cf5fae365654b7431cc37

SHA1
402669bc73e4b365247d722a7c89b75383ceb688

SHA256
f362a4ee1a80f7a8da081c864e9f2cdd875eb0d75ba130de38b88c774afa9a1a

SHA512
4d83f4106b8a4268200853a0f2aff759b8bed71d8edbc1948a4deb8d152ba4434c6557230f3e04eed3467b8b85fd3edceeabc28c9f7c9b5463d33e6ea49a4be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3f2a49d153ae2775cb32d13d83e290a

SHA1
59f773bf6e01b119e4f5723fb1c1935b3a2d8d47

SHA256
c0e84755541eff91bfd697904655a85638bc12f0d93218413d34e3e50613b328

SHA512
93b1742adfbf4f9950e173d441af936a9429aec81c153c77cae3e777496c8bf8cc146ae9a6a5ea0eaff4f0ff5a6c727bbca6dedf987fa3824d7e90b3b9f09492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b165ebdf60c2304ff83b92084529cd8

SHA1
eb13b362897d1c42fae191f111c501958dc55cd7

SHA256
a0cfe980ffce532be8ef0a1a2ea0d05a9614b328d83bed93f8cc16bb697c3c54

SHA512
acbd48deb1b8a63f5eaf052861c1fcf957c0f01fefbccd1b2c63b22b523ff9503ac44cc756a91939c6f772131392db163c4662371ceb9cafdb7e350b90890385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e210d7a71ca2656741cc3413a17ebaf

SHA1
8915735839e7defe2c2d50f2bb91e109bd2636fe

SHA256
6e0a5cc29ba443a1419cab41a45ed545ef3d58d49146df91f647bdf07ed6d894

SHA512
414fd233770d45eab3f0e9bff58a10a1250efb9aad95e555119dd378c41ad5ff40c112577d75ddfadd3dcd34a1e5e003237bd78a115022fa1de2394f511f1b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_turkish.wnry

Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_vietnamese.wnry

Filesize
91KB

MD5
8419be28a0dcec3f55823620922b00fa

SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92

SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\r.wnry

Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\s.wnry

Filesize
2.9MB

MD5
ad4c9de7c8c40813f200ba1c2fa33083

SHA1
d1af27518d455d432b62d73c6a1497d032f6120e

SHA256
e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

SHA512
115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\t.wnry

Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
4.9MB

MD5
4429e81a8abf8b7a33d8d6b8ade61abb

SHA1
15efc8ac8a609c09eea59127f5919b3fd810271c

SHA256
eb5a63fa7770db77326cf4039fc08e6c5ea2a0b40142c09d695bd383673cc12e

SHA512
aafd09aa7eed4c908760f5403f231a752b9c369e8d8547534c655e46ac30b8d4754ed9e0e5ffed8c4d733481bfc79930292317134b93502c83ea65fed8505714

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
memory/2512-1147-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/3844-2729-0x0000026C7D090000-0x0000026C7D091000-memory.dmp

Filesize
4KB

Download
memory/3844-2731-0x0000026C7D0C0000-0x0000026C7D0C1000-memory.dmp

Filesize
4KB

Download
memory/3844-2732-0x0000026C7D0C0000-0x0000026C7D0C1000-memory.dmp

Filesize
4KB

Download
memory/3844-2733-0x0000026C7D1D0000-0x0000026C7D1D1000-memory.dmp

Filesize
4KB

Download
memory/3844-2697-0x0000026C74C40000-0x0000026C74C50000-memory.dmp

Filesize
64KB

Download
memory/3844-2713-0x0000026C74D40000-0x0000026C74D50000-memory.dmp

Filesize
64KB

Download
memory/5660-2690-0x0000000073EF0000-0x0000000073F67000-memory.dmp

Filesize
476KB

Download
memory/5660-2692-0x0000000073E60000-0x0000000073EE2000-memory.dmp

Filesize
520KB

Download
memory/5660-2686-0x0000000000780000-0x0000000000A7E000-memory.dmp

Filesize
3.0MB

Download
memory/5660-2687-0x0000000073FC0000-0x0000000074042000-memory.dmp

Filesize
520KB

Download
memory/5660-2736-0x0000000000780000-0x0000000000A7E000-memory.dmp

Filesize
3.0MB

Download
memory/5660-2688-0x0000000073FA0000-0x0000000073FBC000-memory.dmp

Filesize
112KB

Download
memory/5660-2753-0x0000000000780000-0x0000000000A7E000-memory.dmp

Filesize
3.0MB

Download
memory/5660-2689-0x0000000073F70000-0x0000000073F92000-memory.dmp

Filesize
136KB

Download
memory/5660-2650-0x0000000073C40000-0x0000000073E5C000-memory.dmp

Filesize
2.1MB

Download
memory/5660-2691-0x0000000073C40000-0x0000000073E5C000-memory.dmp

Filesize
2.1MB

Download
memory/5660-2651-0x0000000073E60000-0x0000000073EE2000-memory.dmp

Filesize
520KB

Download
memory/5660-2649-0x0000000073FC0000-0x0000000074042000-memory.dmp

Filesize
520KB

Download
memory/5660-2652-0x0000000073F70000-0x0000000073F92000-memory.dmp

Filesize
136KB

Download
memory/5660-2653-0x0000000000780000-0x0000000000A7E000-memory.dmp

Filesize
3.0MB

Download