Malware Analysis Report

2025-04-13 22:30

Sample ID 240324-yaq5ssad6y
Target http://youtube.com
Tags
wannacry discovery evasion persistence ransomware worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://youtube.com was found to be: Known bad.

Malicious Activity Summary

wannacry discovery evasion persistence ransomware worm

Wannacry

Deletes shadow copies

Modifies Windows Firewall

Downloads MZ/PE file

Sets file execution options in registry

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Drops startup file

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies registry key

Views/modifies file attributes

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-24 19:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-24 19:35

Reported

2024-03-24 19:43

Platform

win10v2004-20240226-en

Max time kernel

488s

Max time network

494s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\CWDIllegalInDllSearch = "4294967295" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\MitigationOptions = "256" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\MitigationOptions = "256" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\DisableExceptionChainValidation = "0" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\DisableExceptionChainValidation = "0" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\CWDIllegalInDllSearch = "4294967295" C:\Users\Admin\Downloads\idafree84_windows.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD25A8.tmp C:\Users\Admin\Desktop\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD25CE.tmp C:\Users\Admin\Desktop\WannaCry.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\idafree84_windows.exe N/A
N/A N/A C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\akgdoowspmymzqz517 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Desktop\WannaCry.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Desktop\@[email protected] N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\IDA Freeware 8.4\til\pc\bcb5win.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\win64unx.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\ida64.int C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc2.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\pc\mssdk.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abi0.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\gnuunx64.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\qwingraph.exe C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abi0.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\qt.conf C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\vcseh.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\plugins\win32_user64.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\themes\_base\theme.css C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\plugins\imageformats\qsvg.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\Qt5Svg.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc64u.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\libdwarf.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\libdwarf.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\vc64_14.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\pc\ntapi64_win7.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\vc32mfce.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\idc\bds.idc C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\themes\dark\icons\expand.png C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\cfg\idagui.cfg C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\pc\vc10.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\ida64.exe C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\vc32mfc.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\macosx64.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\pc\vc6win.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\picture_decoder.exe C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc2d.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\Qt5Gui.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc64.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\pe.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\vc32rtf.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\plugins\styles\qwindowsvistastyle.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\elf64.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\Uninstall IDA Freeware 8.4.lnk C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\tclA72E.tmp C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\plugins\eh_parse64.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\elf64.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\plugins\iconengines\qsvgicon.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\til\pc\bc31.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\til\pc\w16dos.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\uninstall.exe C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\objc64.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\iclapp64.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\pe64.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\ida.hlp C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\til\pc\bcb5win.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\til\pc\mssdk64_win7.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\plugins\tds64.dll C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\sig\pc\mssdk64.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\til\pc\w32dos.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\idahelp.chm C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\idc\idc.idc C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\bcb5rt.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\cfg\exceptions.cfg C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\cfg\hexrays.cfg C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\themes\darcula\theme.css C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\themes\default\theme.css C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\ids\idsnames C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File created C:\Program Files\IDA Freeware 8.4\sig\pc\vc64mfc.sig C:\Users\Admin\Downloads\idafree84_windows.exe N/A
File opened for modification C:\Program Files\IDA Freeware 8.4\til\macosx64.til C:\Users\Admin\Downloads\idafree84_windows.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\idafree84_windows.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell\open\command\ = "\"C:\\Program Files\\IDA Freeware 8.4\\ida64.exe\" \"%1\"" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.i64\ = "IDApro.Database64" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\DefaultIcon\ = "C:\\Program Files\\IDA Freeware 8.4\\wingraph32.exe,0" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = 00000000ffffffff C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\NodeSlot = "4" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\DefaultIcon C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64 C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{D674391B-52D9-4E07-834E-67C98610F39D} C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials." C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell\open\command C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\DefaultIcon\ = "C:\\Program Files\\IDA Freeware 8.4\\ida64.exe,0" C:\Users\Admin\Downloads\idafree84_windows.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = 00000000ffffffff C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 1e007180000000000000000000006abe817b2bce7646a29eeb907a5126c50000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\IconSize = "16" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0 C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 8c003100000000007858d69c110050524f4752417e310000740009000400efbe874fdb497858d69c2e0000003f0000000000010000000000000000004a0000000000a431e400500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Windows\explorer.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\idafree84_windows.exe N/A
N/A N/A C:\Users\Admin\Downloads\idafree84_windows.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\IDA Freeware 8.4\ida64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Desktop\taskse.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3924 wrote to memory of 3812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 3812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 1908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3924 wrote to memory of 1908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1180 wrote to memory of 2588 N/A C:\Users\Admin\Downloads\idafree84_windows.exe C:\Windows\SYSTEM32\netsh.exe
PID 1180 wrote to memory of 2588 N/A C:\Users\Admin\Downloads\idafree84_windows.exe C:\Windows\SYSTEM32\netsh.exe
PID 1180 wrote to memory of 5140 N/A C:\Users\Admin\Downloads\idafree84_windows.exe C:\Windows\SYSTEM32\netsh.exe
PID 1180 wrote to memory of 5140 N/A C:\Users\Admin\Downloads\idafree84_windows.exe C:\Windows\SYSTEM32\netsh.exe
PID 3420 wrote to memory of 2036 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\attrib.exe
PID 3420 wrote to memory of 2036 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\attrib.exe
PID 3420 wrote to memory of 2036 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\attrib.exe
PID 3420 wrote to memory of 2356 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\icacls.exe
PID 3420 wrote to memory of 2356 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\icacls.exe
PID 3420 wrote to memory of 2356 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\icacls.exe
PID 3420 wrote to memory of 5804 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Users\Admin\Desktop\taskdl.exe
PID 3420 wrote to memory of 5804 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Users\Admin\Desktop\taskdl.exe
PID 3420 wrote to memory of 5804 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Users\Admin\Desktop\taskdl.exe
PID 3420 wrote to memory of 5508 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\cmd.exe
PID 3420 wrote to memory of 5508 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\cmd.exe
PID 3420 wrote to memory of 5508 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\cmd.exe
PID 5508 wrote to memory of 2108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 5508 wrote to memory of 2108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 5508 wrote to memory of 2108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe
PID 3420 wrote to memory of 1804 N/A C:\Users\Admin\Desktop\WannaCry.EXE C:\Windows\SysWOW64\attrib.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d13046f8,0x7ff9d1304708,0x7ff9d1304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9d13046f8,0x7ff9d1304708,0x7ff9d1304718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17142316116035410806,5192612307888071038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17142316116035410806,5192612307888071038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7720 /prefetch:8

C:\Users\Admin\Downloads\idafree84_windows.exe

"C:\Users\Admin\Downloads\idafree84_windows.exe"

C:\Windows\SYSTEM32\netsh.exe

C:\Windows\SYSTEM32\netsh.exe advfirewall firewall show rule "name=\"IDA" Freeware\"

C:\Windows\SYSTEM32\netsh.exe

C:\Windows\SYSTEM32\netsh.exe advfirewall firewall add rule "name=\"IDA" Freeware\" "dir=in" "action=allow" "program=\"C:\Program" Files\IDA Freeware 8.4\ida64.exe\"

C:\Program Files\IDA Freeware 8.4\ida64.exe

"C:\Program Files\IDA Freeware 8.4\ida64.exe"

C:\Users\Admin\Desktop\WannaCry.EXE

"C:\Users\Admin\Desktop\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 111741711309228.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\Desktop\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Desktop\@[email protected]

@[email protected] vs

C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "akgdoowspmymzqz517" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "akgdoowspmymzqz517" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Users\Admin\Desktop\taskse.exe

taskse.exe C:\Users\Admin\Desktop\@[email protected]

C:\Users\Admin\Desktop\@[email protected]

@[email protected]

C:\Users\Admin\Desktop\taskdl.exe

taskdl.exe

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e3dc6a82a2cb341f7c9feeaf53f466f
SHA1 915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256 a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA512 0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

\??\pipe\LOCAL\crashpad_3924_OCFSDCVPUGJZYBYD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e6e18e9e255df30302b18983af487aae
SHA1 41f8bdf11d91fe0770af19e6d9a5e084b2b6cb4d
SHA256 db5ec26a5f716db9103149e32d7433eb325dddd51f551a8cc2307e3929c5c34c
SHA512 5912611dd82526599c4d5eda627350a6236d25a8e96c2d7f0d9bf78ffa6e8c49d9131ff248a389a00188d21c9ce5ba15a14757c5ce93ed24ec8c51d592f21c7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f506186ebc16b7b077e1a1b49c4354b3
SHA1 6b43b8da5e3b2376f0de679d76db7154e6fd10dd
SHA256 4fe923e20f99cb5898a9d1b9fd6f159b1723aac28deb7072e2bcc44e291eee07
SHA512 0208de32e53afd57d453a18df352fde76601e619a6c801a49d1df04a4bce79719202258e7af4266a953e89982bd8c7aef05f9dae8ddd8792163d0c5282132e57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bb12.TMP

MD5 cf36421d44c7bc9ed90ae2f824449892
SHA1 5d2621110af17f81f0be217a26abeca537615ce7
SHA256 9ca7606dd1c56bb579c2aa7433e56f47353e8890591f77dd0c30cd17568aa8c7
SHA512 b84d746f4a4240967e1165d6d9c1c22c79df785772002a2babc70708be44c47c95c0db9aca03af0a827d45a00707654cb4e12b1885b818e9d0f98f0efe66d3f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 02214b097305a8302b21e630fa201576
SHA1 90c2a31521803b73e847f7a3e0cfceec84df9fa5
SHA256 1d98076cfae6a0a8f0b0b1c654270b900de83e633cc01d98ef63e6a8e485a3f4
SHA512 553c81eb51880f83b9918aef766ff0f41170895b1cda2589f0b69c3d1362de8e8decf14a413f6b5df1fb7ce07fc939211407b29046188b37c290133c9d5e1cd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 805392659850fdfa60226fd42ef81971
SHA1 10470407571d6def6de4f96c9a2b0c3f7a47cb18
SHA256 45ae0c1890c434bc0cb4cf2cba10a8dfcd7dcff7a40f653bece6f2c9f02da195
SHA512 f9ac02dd1b2448af61ada309de1cfd8d3c18e2d726b188c4d0ef088d2566256cfcab2b613357f3156c3d2d6d3763d7e70e95ecd61127d1e7ff8749a1b71b5023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 173b04c98fc8511bfb2d73b5fbe09ba2
SHA1 c5c0d19dcc9dae25ad3c00c2edbef880d3c90cc9
SHA256 acc9250932acbce7060d92b828cca6029d80070aa9e5ce81d6e99a917b564b9e
SHA512 b823770501dbd53b24d969bf20f3765689497133f578047331e9b5dbdeb68ad89d77acd0a2fe0fc58e1a8867c2b100593a956f8db9eb6a0cbbba3e243e6203ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2071e38069fbbe349e7109602e0c5691
SHA1 b5ca7e06651b98f67b5002ea9749b8cb607c2982
SHA256 aca965ab0de701030706393eb8a033cf66d383e47e8c6bdef7a24df9c1daf3de
SHA512 4df9fc0ce82a8b12f25d543879854d7a16067f79766a682e39b97cca1a5fb979367f5921c20ab709399383c1becef4f4b6009f2a0d6e029632de405b9c4d3755

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 bc9faa8bb6aae687766b2db2e055a494
SHA1 34b2395d1b6908afcd60f92cdd8e7153939191e4
SHA256 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d512354f015dda818c079a954745dfd7
SHA1 1449ec216992d5f80cd769e5c4eedcba44ff1d0e
SHA256 67298afb53f76f6a138cc04ca72a8234d4a9c11c3e96b72b3af4a120db7e86a1
SHA512 65fbd026e8f09bd6bddf925c685773f233ad8b18930de7f76e71f0ecc697f2717ae2e76a00959c793c5754fde9174b940c998799235993872b13ef209d429b1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e56e99ddf600ffba7953482753d77dd4
SHA1 53e010675e2ebceecf7cc9f65fcff50af17bb9e3
SHA256 c7215021b6f6877f4b2ea000f07934139d9962bf39700fa78a71446b71aebee3
SHA512 07e0179b2198dbb1d686ce11d86990d83c3caff94cab6730c090c0fe144d9eafc8d248629c026b060c7ddd91ce0dfadd433a28d4274ab31c0c29dd5ae5c2169a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 13d80070357471541e0223a080d4a404
SHA1 c0f2af214621b31b7fce5b82778802c59526621b
SHA256 ffc24a1804fb1f50d1b87b34f3badd58b5adb1562eb94b988c5381e62f9bcddc
SHA512 1913ed73e2e6e053cde00abbdc81f0129d7948d243a12a3df933f2c1755711ce98a00370b2fa71658a78e31f8dff3f9c1d4f8baa852fbbdd5b9ece4e3d03d7e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 312d0d2d6f2fa23662f332247b4c2312
SHA1 295094e92446d523b9554d190a28f43ccde49df8
SHA256 0d26e1bf80bf6582ae87c4c20bd6253a64a3042b105c066e893cfc210f113c60
SHA512 def3825553b9362eeaf066382ab2787d88060009dfcb9bee280f1d5c738d8cfaa83958555adb9ee060f0f7bdddec6fb3d30ca5aee1bc3b5b4332be3757f0f293

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 478a8eb2524b322629223857cab04184
SHA1 383c9ca5bd7f0340809af015a5947fa3a8ba9ba0
SHA256 2d931132beb3a15f992d8f4b0c0e648e13391e18f58925daf9163933f04dc7b7
SHA512 189e8d1aaee1af045ad237568292a4d68e79d0af927fbe54fb8828130fc61ae7e3299131909279b0df933b96093471cda829acac5da740d29bc9bf949078d869

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF7C4.tmp

MD5 99b50db8d177a51b7077084bb75673b5
SHA1 ff68863631241c2159cecdd03f5101e628b25bf7
SHA256 09db806002dd23cf97d5b8057a792fc90d11fe5c595f63f92f5c4494b33cbc6f
SHA512 fc5b6d06f95fedfbd929ecb2ed5f86cd0fd797140b54be29b23c8096925c3025504d0613f85ea4c2f0e459b8cd59dba22395c8348801a332d6595bd83d87d4e0

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF871.tmp

MD5 122a3741699fb5c0950273245c9dea15
SHA1 811f9149e3310a8e6521da156f92f3aaab012145
SHA256 f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab
SHA512 567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF95C.tmp

MD5 08ad4cd2a940379f1dcdbdb9884a1375
SHA1 c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac
SHA256 78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8
SHA512 f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF98C.tmp

MD5 2f427b95ab4d18e83f89a001c6b861ad
SHA1 56d10658f71f102961ebc334d277728025d01cdf
SHA256 00ec351fd1e77bcb5bf452b9e8dc5b386c65d74d02815b0adebb70fb57db5416
SHA512 ebe0b9ca89c2ac2e70d23043b495a21d5c29b5e22ee458641119b7394ac307ae50cc2f636fc409ddbb2039361547106961dabcae0c123055c315f8f900074d97

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF9AC.tmp

MD5 244b008f537c6cd46e5966239509f5eb
SHA1 0e7aed119aade535838f4f78cd2be2b3927eb6f1
SHA256 267b3751600d37b686619a06f83ae1e643f6a9d05892fe41ff18a04fca4aa8cb
SHA512 e48efcdb3f8efc4558ef7585d7a830ff48bfab5a9a72a02a6435909d550b7a5c1b2a2948a19a18473e0ce97f561f75e3e067d5ba4209125af1f0e305ce8931d7

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF9DC.tmp

MD5 c04970b55bcf614f24ca75b1de641ae2
SHA1 52b182caef513ed1c36f28eb45cedb257fa8ce40
SHA256 5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80
SHA512 a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRFA1C.tmp

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRFBD2.tmp

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRFF5D.tmp

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRFF6E.tmp

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRFFBD.tmp

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRFFBE.tmp

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRFFCF.tmp

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BR2D.tmp

C:\Program Files\IDA Freeware 8.4\ida.ico

C:\Program Files\IDA Freeware 8.4\cfg\ida.cfg

C:\Program Files\IDA Freeware 8.4\cfg\idagui.cfg

C:\Program Files\IDA Freeware 8.4\loaders\pe64.dll

C:\Program Files\IDA Freeware 8.4\plugins\dbg64.dll

C:\Program Files\IDA Freeware 8.4\plugins\eh_parse64.dll

C:\Program Files\IDA Freeware 8.4\plugins\golang64.dll

C:\Program Files\IDA Freeware 8.4\plugins\picture_search64.dll

C:\Program Files\IDA Freeware 8.4\plugins\objc64.dll

C:\Program Files\IDA Freeware 8.4\plugins\win32_user64.dll

C:\Program Files\IDA Freeware 8.4\plugins\iconengines\qsvgicon.dll

C:\Program Files\IDA Freeware 8.4\plugins\styles\qwindowsvistastyle.dll

C:\Program Files\IDA Freeware 8.4\sig\pc\vc64atl.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc32mfce.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\win32unx.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\win64unx.sig

C:\Program Files\IDA Freeware 8.4\til\objc64.til

C:\Program Files\IDA Freeware 8.4\themes\_base\theme.css

C:\Program Files\IDA Freeware 8.4\til\pc\ms16win.til

C:\Program Files\IDA Freeware 8.4\til\pc\vc10.til

C:\Program Files\IDA Freeware 8.4\picture_decoder.exe

C:\Program Files\IDA Freeware 8.4\qt.conf

C:\Program Files\IDA Freeware 8.4\cfg\exceptions.cfg

C:\Program Files\IDA Freeware 8.4\cfg\golang.cfg

C:\Program Files\IDA Freeware 8.4\cfg\hexrays.cfg

C:\Program Files\IDA Freeware 8.4\idc\bds.idc

C:\Program Files\IDA Freeware 8.4\idc\golang.idc

C:\Program Files\IDA Freeware 8.4\plugins\imageformats\qsvg.dll

C:\Program Files\IDA Freeware 8.4\plugins\tds64.dll

C:\Program Files\IDA Freeware 8.4\sig\pc\elf.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\elf64.sig

C:\Program Files\IDA Freeware 8.4\plugins\plugins.cfg

C:\Program Files\IDA Freeware 8.4\plugins\bdescr64.dll

C:\Program Files\IDA Freeware 8.4\sig\pc\iclapp64.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\macho64.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc2u.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc2d.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc2.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\mssdk64.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc64u.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc64d.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc64.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\pe.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc64extra.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\pe64.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc64seh.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vcseh.sig

C:\Program Files\IDA Freeware 8.4\themes\dark\theme.css

C:\Program Files\IDA Freeware 8.4\themes\dark\icons\expand.png

C:\Program Files\IDA Freeware 8.4\themes\default\theme.css

C:\Program Files\IDA Freeware 8.4\themes\dark\icons\spacer.png

C:\Program Files\IDA Freeware 8.4\themes\darcula\theme.css

C:\Program Files\IDA Freeware 8.4\license.txt

C:\Program Files\IDA Freeware 8.4\ids\idsnames

C:\Program Files\IDA Freeware 8.4\til\pc\bc31.til

C:\Program Files\IDA Freeware 8.4\til\pc\gnulnx_x64.til

C:\Program Files\IDA Freeware 8.4\til\pc\gnulnx_x86.til

C:\Program Files\IDA Freeware 8.4\til\pc\w16dos.til

C:\Program Files\IDA Freeware 8.4\til\pc\w32dos.til

C:\Program Files\IDA Freeware 8.4\clp64.dll

C:\Program Files\IDA Freeware 8.4\ida.hlp

C:\Program Files\IDA Freeware 8.4\ida64.dll

C:\Program Files\IDA Freeware 8.4\ida64.exe

C:\Program Files\IDA Freeware 8.4\libdwarf.dll

C:\Program Files\IDA Freeware 8.4\idahelp.chm

C:\Program Files\IDA Freeware 8.4\ida64.int

C:\Program Files\IDA Freeware 8.4\Qt5Core.dll

C:\Program Files\IDA Freeware 8.4\Qt5Gui.dll

C:\Program Files\IDA Freeware 8.4\Qt5Svg.dll

C:\Program Files\IDA Freeware 8.4\Qt5PrintSupport.dll

C:\Program Files\IDA Freeware 8.4\Qt5Widgets.dll

C:\Program Files\IDA Freeware 8.4\idc\idc.idc

C:\Program Files\IDA Freeware 8.4\qwingraph.exe

C:\Program Files\IDA Freeware 8.4\ids\win7.zip

C:\Program Files\IDA Freeware 8.4\plugins\pdb64.dll

C:\Program Files\IDA Freeware 8.4\plugins\hexx64.dll

C:\Program Files\IDA Freeware 8.4\plugins\dwarf64.dll

C:\Program Files\IDA Freeware 8.4\loaders\macho64.dll

C:\Program Files\IDA Freeware 8.4\loaders\elf64.dll

C:\Program Files\IDA Freeware 8.4\plugins\platforms\qwindows.dll

C:\Program Files\IDA Freeware 8.4\procs\pc64.dll

C:\Program Files\IDA Freeware 8.4\sig\pc\bcb5rt.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abi0.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc32mfc.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\ms64wdk.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abiinternal.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc64mfc.sig

C:\Program Files\IDA Freeware 8.4\til\pc\mssdk.til

C:\Program Files\IDA Freeware 8.4\til\pc\mssdk64_win7.til

C:\Program Files\IDA Freeware 8.4\til\pc\mssdk_win7.til

C:\Program Files\IDA Freeware 8.4\til\pc\ntddk64.til

C:\Program Files\IDA Freeware 8.4\til\pc\vc6win.til

C:\Program Files\IDA Freeware 8.4\til\pc\vc8amd64.til

C:\Program Files\IDA Freeware 8.4\til\pc\vc10_64.til

C:\Program Files\IDA Freeware 8.4\til\pc\ntddk.til

C:\Program Files\IDA Freeware 8.4\til\pc\ntapi64_win7.til

C:\Program Files\IDA Freeware 8.4\til\pc\ntapi_win7.til

C:\Program Files\IDA Freeware 8.4\til\pc\bcb5win.til

C:\Program Files\IDA Freeware 8.4\til\macosx64.til

C:\Program Files\IDA Freeware 8.4\til\gnuunx64.til

C:\Program Files\IDA Freeware 8.4\sig\pc\vc64_14.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc64ucrt.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc64rtf.sig

C:\Program Files\IDA Freeware 8.4\sig\pc\vc32rtf.sig

C:\Program Files\IDA Freeware 8.4\uninstbr.000

C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF9AC.tmp

C:\Program Files\IDA Freeware 8.4\ida64.exe

C:\Program Files\IDA Freeware 8.4\Qt5Gui.dll

C:\Program Files\IDA Freeware 8.4\Qt5Widgets.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\WannaCry.EXE.id0

C:\Users\Admin\Desktop\msg\m_finnish.wnry

C:\Users\Admin\Desktop\@[email protected]

C:\@[email protected]

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

C:\Users\Default\Desktop\@[email protected]

C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
