Analysis Overview
SHA256
07ecdced8cf2436c0bc886ee1e49ee4b8880a228aa173220103f35c535305635
Threat Level: Known bad
The file WannaCry-main.zip was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Drops startup file
Loads dropped DLL
Modifies file permissions
Executes dropped EXE
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Enumerates processes with tasklist
Sets desktop wallpaper using registry
Unsigned PE
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious behavior: CmdExeWriteProcessMemorySpam
Views/modifies file attributes
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-18 03:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 03:10
Reported
2024-10-18 03:21
Platform
win7-20240708-en
Max time kernel
600s
Max time network
554s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD626E.tmp | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\WannaCry.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD6272.tmp | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\WannaCry.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\juozponvnaru273 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\WannaCry-main\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\WannaCry.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected] | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\WannaCry.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\vssadmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\wanakiwi\wanakiwi.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected] | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\WannaCry.exe
"C:\Users\Admin\AppData\Local\Temp\WannaCry-main\WannaCry.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c 74851729221065.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5b89758,0x7fef5b89768,0x7fef5b89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1524 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected]
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2172 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3324 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3156 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3800 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2540 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:1
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4084 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4252 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1280,i,3237351132293929312,6733418954872786276,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected]
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "juozponvnaru273" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\WannaCry-main\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "juozponvnaru273" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\WannaCry-main\tasksche.exe\"" /f
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Users\Admin\Downloads\wanakiwi\wanakiwi.exe
C:\Users\Admin\Downloads\wanakiwi\wanakiwi.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\tasklist.exe
tasklist
C:\Users\Admin\Downloads\wanakiwi\wanakiwi.exe
C:\Users\Admin\Downloads\wanakiwi\wanakiwi.exe 2720
Network
Files
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_greek.wnry
| MD5 | fb4e8718fea95bb7479727fde80cb424 |
| SHA1 | 1088c7653cba385fe994e9ae34a6595898f20aeb |
| SHA256 | e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9 |
| SHA512 | 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_danish.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_czech.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_croatian.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_chinese (traditional).wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_chinese (simplified).wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_bulgarian.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\c.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\b.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\u.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\taskse.exe
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\taskdl.exe
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\t.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\s.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\r.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_vietnamese.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_turkish.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_swedish.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_spanish.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_slovak.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_russian.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_romanian.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_portuguese.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_polish.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_norwegian.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_latvian.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_korean.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_japanese.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\msg\m_italian.wnry
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\74851729221065.bat
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\m.vbs
C:\Users\Admin\Documents\@[email protected]
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\@[email protected]
\??\pipe\crashpad_2464_EZTXKPVDJHAAGZLL
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\00000000.res
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
\Users\Admin\AppData\Local\Temp\WannaCry-main\TaskData\Tor\taskhsvc.exe
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\TaskData\Tor\libevent-2-0-5.dll
C:\Users\Admin\AppData\Local\Temp\WannaCry-main\TaskData\Tor\libssp-0.dll
C:\Users\Admin\AppData\Local\Temp\Cab9272.tmp
C:\Users\Admin\AppData\Local\Temp\Tar9284.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9658822b-480d-4b34-a8d5-e22f86041fbf.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State