Analysis Overview
Threat Level: Known bad
The file https://github.com/giabao4498/Hydra-Virus was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Enumerates physical storage devices
Checks SCSI registry key(s)
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies registry class
Uses Volume Shadow Copy service COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Analysis: static1
Detonation Overview
Reported: 2024-03-24 19:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-03-24 19:13
Reported: 2024-03-24 19:21
Platform: win10v2004-20240226-en
Max time kernel: 429s
Max time network: 435s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD316C.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3182.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Hydra.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Hydra.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\yzictsov605 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-557049126-2506969350-2798870634-1000\{B1B73365-2CB4-4EA6-9726-5CE2A4AE8ADA} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 765470.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 407309.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/giabao4498/Hydra-Virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff967fa46f8,0x7ff967fa4708,0x7ff967fa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,9289326467502273321,10250744765772077992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Hydra.exe
"C:\Users\Admin\Downloads\Hydra.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\Downloads\Hydra.exe
"C:\Users\Admin\Downloads\Hydra.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.0.1493223104\1823245755" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04462ce0-2ed4-4037-bf46-7c779865f6ae} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 1980 2561a8b9458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.1.1027585982\1209856910" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {831c5ee3-0279-4f32-b0b5-6f3a2376f52b} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 2380 2560dd72b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.2.791044853\1649863186" -childID 1 -isForBrowser -prefsHandle 3304 -prefMapHandle 3300 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8fb76d8-f334-40f6-9aef-8c7e922d67b3} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 2872 2561a85f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.3.1689271194\1682570719" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f705bef-fda2-4bf3-88d8-bbdf3fb6182f} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 3564 2561cdfc258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.4.619277631\1050010024" -childID 3 -isForBrowser -prefsHandle 4516 -prefMapHandle 4408 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a044339a-2da5-4d4e-b637-de4b06552507} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 4600 256205a2258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.5.314345179\76543394" -childID 4 -isForBrowser -prefsHandle 5024 -prefMapHandle 5008 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45c0323f-fbaa-4cd0-b500-cf8a22029dd3} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 5032 2561f9e5d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.6.2038738890\1407442303" -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5052 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81ad52bf-0bd0-4ac5-9c6a-882f43c88747} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 5152 25620c12758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5132.7.1559749397\1732927867" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {202bd255-789d-40be-8135-be6a851ac931} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" 5376 25620c12d58 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff967fa46f8,0x7ff967fa4708,0x7ff967fa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,8838233209411970914,10311875103415768606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 230421711308006.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "yzictsov605" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "yzictsov605" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a774512b00820b61a51258335097b2c9 |
| SHA1 | 38c28d1ea3907a1af6c0443255ab610dd9285095 |
| SHA256 | 01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4 |
| SHA512 | ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fd7944a4ff1be37517983ffaf5700b11 |
| SHA1 | c4287796d78e00969af85b7e16a2d04230961240 |
| SHA256 | b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74 |
| SHA512 | 28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c647e202b10c69ebf663f4de6bdd8337 |
| SHA1 | ecace2815f9b428c177b71f8759f3993aa774f99 |
| SHA256 | 9d5fd8bb5e64f46e4d158ce87a7eb2f0cc86d9f010f519878f2c10b9b54711b8 |
| SHA512 | 31bdf5d13d0a765bc0db57e2eaa775867b0d0254a374cd2aa14171ba29a433196fa331037221423f00ac48a25acbda8c89be8f051532fcefe3444fea1b8add8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 44ec76fb63eb042c8ca58b871dc52426 |
| SHA1 | 634d05c3c413423ee04e09ad5f73f8c367ad7209 |
| SHA256 | 7a88c2da36822538cdbe4c48000d020e94cc4a2ba1d472ad107f3f36f46a7b77 |
| SHA512 | 20faeb0e9625d6878529e213b0d7dad10456a08e3ac42f983502536b262d55cbb3f154a2e75a36690f549b42a068899158e6578b11796072b5c05da7df75ff98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c601351d-b8d6-41c1-a6bd-325c8c8cb9f6.tmp
| MD5 | 17cfc4e16b88dde9b7896010beb91ad0 |
| SHA1 | 9d701847f344b23a9f08edc812b049c6529203f2 |
| SHA256 | ac818baebdfcb101c1e53b6e24a42f84047ffaff09c0474fee1de8dd7ddf3fc8 |
| SHA512 | de67584ab499f3295a776dab73012c3cffeb2961bc0d34e8101e22fc55ac6f24663162844b40c605f7875c8bf4053cf6dacdf48f6c8f18f82ff5b9e9c3d43133 |
C:\Users\Admin\Downloads\Unconfirmed 765470.crdownload
| MD5 | fa34de0a683eaac577465805b9c608f7 |
| SHA1 | 97e8aac39f57e1cc072ed5e1917453e659f7b375 |
| SHA256 | 966a9be6f6235887c533e14093673d7a7fd857536cd243a3f1193be1ab42c99a |
| SHA512 | 85497fafdc5f5a089f55a7fe057a7496aac7a941c8e4102dd1cc245cf98b58cf84c5de272bd8ed546e735214d54b7f083ee5db9d9e5928a56eafcfcba4f33135 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d7e1.TMP
| MD5 | ffeb2ab7ebcc5184204196a58372b0dc |
| SHA1 | 39835eda492420f722b346b20c42e46c99101806 |
| SHA256 | 816f675266818ffbd98aed5626ad6fda67148bcfe758724acdd2a3a007f832ba |
| SHA512 | 5d2242660dd15ba0c11d90fc4a20ba587680025dbed72765643b04936a623cf43a33c470c336f3a6024e37b20e34cf5d60cdff55e649878ad5032dee50ce4b97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 657190a241e4d506db6e31d1a1774a92 |
| SHA1 | 937b37c962b9732e2b2006e3d60aff5475cc77e2 |
| SHA256 | 5c224c5c65badc0596bb96df8aa3095162079204000bd37e17f219254f1dbca1 |
| SHA512 | f0206917ec792bd50fca124acbb1865c5e17c6f67a4b3de64a7f3be79843eb6789589c653aec2151bda404359cd16240f35e044270b6451db7652c6c8f077f01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf7d9e4a08c4f43064e78f5b05dd0973 |
| SHA1 | 3db4d9865f12c96e4e16beee3f5ae43868069c89 |
| SHA256 | 0105124005a5760816421d76162ece818c50cb56180e60bfbcc22d0b734da4af |
| SHA512 | 9141fa152a3a1d1b1158798459e6f46105ad6e42ed3f833704320077eb161835f917a63b57d8b7336d729c8356bcab0e83e7470c5ba069589a8ce76d43675ee4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5380ccf884e9932140cf87c943ba1ace |
| SHA1 | 92816b2da15514ffbf8b399ff7209e943e8e2f80 |
| SHA256 | ff53945583c4a9dba0ca5cf7d6822997a5f7d8b0764e9862b18e74ceb8ddc84b |
| SHA512 | 45c4d7661d04744af161a7d079f8c92e7d2ded26a37b975955f73520640338c64bde90ddc0ae8f7545b0d95f70533a17f8c01a0bfa60526ee7d78b5ed8fba0c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8b06c26ce5d927bc4d821ba117364755 |
| SHA1 | 7aea739f204d28cfcb11af46508109eeb23bde31 |
| SHA256 | 44692e6395252cf47c3390550c26361a5c16b0acc3139bdea69d0fa440dec09b |
| SHA512 | 33c397e95b35051a30a2fcff49eebacd33b5b3eac114507073359bcfe629d25449d27221d6953fe228c711e83e3d4b7af51c89b0754c32adc1df6e25793473b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd644cddd751e01b874cf7a869476ce1 |
| SHA1 | 1c0ca4dd6692c4e03b5a83e47ad999839c45ad20 |
| SHA256 | 8dc1e669cce6f8ba9b34a54d18af404b15b744cd7ea14948ecf793dd2c469566 |
| SHA512 | 9f4c7ff118d80fba7c4f4d62aa98c33a0d702af288a1d4a55b080c76e85db73d1dff28637f0d1d80b039501f31a4df491582d89f928ca86cb1cd71a833698928 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ed5f4213c17629776cd75510648fc019 |
| SHA1 | ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9 |
| SHA256 | e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87 |
| SHA512 | 71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627 |
memory/5616-346-0x0000000000020000-0x0000000000046000-memory.dmp
memory/5616-347-0x0000000074660000-0x0000000074E10000-memory.dmp
memory/5616-348-0x0000000004A60000-0x0000000004AFC000-memory.dmp
memory/5616-349-0x00000000051C0000-0x0000000005764000-memory.dmp
memory/5616-350-0x0000000004B00000-0x0000000004B92000-memory.dmp
memory/5616-351-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/5616-352-0x00000000025A0000-0x00000000025AA000-memory.dmp
memory/5616-353-0x0000000004BA0000-0x0000000004BF6000-memory.dmp
memory/5616-354-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/5616-355-0x0000000074660000-0x0000000074E10000-memory.dmp
memory/5616-356-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/5616-357-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/4432-358-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-359-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-360-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-364-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-365-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-367-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-366-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-368-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-369-0x000001A410760000-0x000001A410761000-memory.dmp
memory/4432-370-0x000001A410760000-0x000001A410761000-memory.dmp
memory/5616-371-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/5616-373-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/5616-374-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/5616-375-0x0000000004DF0000-0x0000000004E00000-memory.dmp
memory/5616-376-0x0000000074660000-0x0000000074E10000-memory.dmp
memory/4472-378-0x0000000074700000-0x0000000074EB0000-memory.dmp
memory/4472-379-0x0000000005280000-0x0000000005290000-memory.dmp
memory/4472-380-0x0000000005280000-0x0000000005290000-memory.dmp
memory/4472-381-0x0000000074700000-0x0000000074EB0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 241d783774f20ee39b32e93dc0f3f4e3 |
| SHA1 | 251a57c2eb9e75530dc469581f73e4e22ee8616e |
| SHA256 | 775668540b7bf3b462f44b683223bf553180997cf7a1655f9ce4da76bea70265 |
| SHA512 | 0b6c0ad8eff311d602b06d393935ff341bab185c7ef61d57f407b4fd94b9ee1c39ecf93a969b034b4f278546603f9dee176ea5b7cf68e3fa91f4ba52eee48ef3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\a0270000-1f75-4616-baf2-18d729b98726
| MD5 | b5e22b4f3c6e7b61b77650b3530226f6 |
| SHA1 | d165c210a76b8b8bf87bab667228ea157add4880 |
| SHA256 | 79346e88c441f03058ae30241a537b1ed46d9cabea3c1bde7706579dbefbac1e |
| SHA512 | f5f81154f03d12291a0613b83a954709da03f5d4f1ed06ec18a81ebd171506e62109cf6d7c451118f73ea6cbac99afbcdc9684cd191c09e9de4205bed7051fe2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\1e0b1144-903f-4217-b3dd-dcb2318e6053
| MD5 | 7d419efc23b3e2a0d665276dc45446b4 |
| SHA1 | 875ca623c940992e8a248da67da1a7cdf98c7afd |
| SHA256 | 5263ec4ca588e9b8e142935a5586248de0f6fc4730401aa3b7da831140d79bc1 |
| SHA512 | 097e90e9229d323651e5879bfa0d136534c33e3ec5b5c4e45148c4cac3113e73f48105901b0b36cd899e263f184f5f3396b359a6edac71033aa0fda0372ce1e6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore.jsonlz4
| MD5 | a0df6e5dc9b12caec6d391920078575f |
| SHA1 | 0b67d1a8102c54c15a0d395621f0fa20c997eefa |
| SHA256 | 3576fc5012bceed8faae9d38ebcf572c738afb4917d728df34d3e7d03b08527c |
| SHA512 | 75abecf68d66fbfb27fc193334a12e7b8775f3eca29c04f4582e558e105d9e257a22dcd8bf7bf01c2fa23d6bd49772662f5a1e4c706326a2c75eaed6b4dd28ea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js
| MD5 | ff3f5b2f8f8c61d673d9acef2f6af663 |
| SHA1 | 47ade0b42d16e0f3542fbbdd7066624d0bf20439 |
| SHA256 | 4a3fcd810a038f9acb9b2d31d78af01b341d0bcdccec6bcd4bcd5f355c7035f6 |
| SHA512 | 9c622193cee27b6993a1979b3dc82b044819808b272d7b2477e38d4ad4376903a688b6fddef8bff6d160f5153ee642f89ccbd1487ff0c5fc23ae8bd52dbb164d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | af89932625523dbc750e3693c0ad7546 |
| SHA1 | 3ce9614269bfbcd86899c76dedd736531e662385 |
| SHA256 | 06c050115272d0e2f48455e4be239ac79de1abf6584fc73ec979369a8ae91170 |
| SHA512 | 6dadab7ea972dd98bd9c1f5e08df302c4a394206c6648a7a695dbaaa3cb4b966c909d92e2251ea4b87420fb048660956d76576f438381a5f6525d23aa7f30222 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | c1a97876d9170cc8c866e73c82891132 |
| SHA1 | 981ef2fe19a042ccd2fa09f9986a4fed1633e329 |
| SHA256 | ce65c3d121c495b59c99e10e3ec1dfe96de27ec52d889725129d9d4328a635dd |
| SHA512 | 8fb70e12418d93ca4ddf84b3403fa0cec2f356f0ccfba0e67edf257ba6a6612e410c7f4a45edae4876b990386817d99c34416aabcccb60c70917f464c22bc978 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 384e8a15aa6d251b82647de6d2a77682 |
| SHA1 | ce510c218150d2f96af39a787240f5274169363a |
| SHA256 | 6b5e2ba43f66eabcb1a42b6f772d2aef34408f5d8e8a572bcf1540d3e597c9a8 |
| SHA512 | d1ff1ba1a43630512986181f33cdb8c65d85de96124c83d0e0c526494032eaf01c55b5f84bf8e028ad24c879b415a20c87e0c9437ec18428854ba526ba0ba76e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | d5069d20820a3311aae89237b4f6c7ef |
| SHA1 | a156b7666c80d6c1c99ca638ccefbd5b02040d9a |
| SHA256 | 1a6ec929e09581dbcf3d2739dc9520c2cb5f245991dce41d84aa8b81ad81f346 |
| SHA512 | 065cd54c4aa23d35594250df56a4dea0b516383383ac852ee34075c557a68069a6b47db75070a2edc0e0afa5cae29aa63f84afe1b6b80d5ede48ed16e60e3473 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | dbbcdbf3a820685ac92882e48c5aa6f2 |
| SHA1 | 951d8b2724b73b2589fef618ac791fdb6ad255fa |
| SHA256 | 72cff93c9548b13fb8d3326585bf57a64f6d9a9496d45ab9b00916d55646cc85 |
| SHA512 | c3b7ca1e4ba74cdcedf5d4426098efdeaae2039b27b219fad09866fbb0ff585d92941d895e41f1ed2aae5d9e6f2e956053629e3d01ea791181342b94d5f1cf74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 588a24acb5188e7a36c2e12440a082ba |
| SHA1 | cc916d41b80d855b183b290f29d4f582cd15ba45 |
| SHA256 | 9f361d06f62c11c6bb06c8a70d5cefdd10faf3c2be733f0e027fdb9cdf2dfd16 |
| SHA512 | ac4f700f963f9db5a311b6f67def099315be0c463c8962de9e0e53d126bad6521a24c591c3c0afd8796b1bdb7638fb6bf62bd2f859da57afd17c603a97a40cf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13355781239260859
| MD5 | 55ed70226222872b5a46a790e52af710 |
| SHA1 | 0abb13b8766bdf590bce421cb79f386de93cfc42 |
| SHA256 | 750a2b69e10dc67f36da36b317513c58fbc63858101e820edcd7e4f2ec9a2b6b |
| SHA512 | faa8d288d4e8fdbdf7989088ac04d675c70f71dfbcb0d181a2908c2c5450f8dc2ef07df2aca398ab8655358e2576faf81fa02e2c8e12a03e3187cc699de9cda3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13355781239058859
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt~RFe5c5403.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c9f55.TMP
C:\Users\Admin\Downloads\Unconfirmed 407309.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\4dcd454a-3b99-462a-b4e9-792c4de319e6\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\4dcd454a-3b99-462a-b4e9-792c4de319e6\index-dir\the-real-index~RFe5caa22.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\10d0102d-1907-42ed-b5bb-33998a313833\index-dir\the-real-index~RFe5cbcc0.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\10d0102d-1907-42ed-b5bb-33998a313833\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\Downloads\msg\m_finnish.wnry
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\msg\m_filipino.wnry
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
C:\Users\Admin\Downloads\c.wnry
C:\Users\Admin\Downloads\t.wnry
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Public\Desktop\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe