Analysis Overview
Threat Level: Known bad
The file http://youtube.com was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Modifies Windows Firewall
Downloads MZ/PE file
Sets file execution options in registry
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Drops startup file
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies Internet Explorer settings
Uses Volume Shadow Copy service COM API
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Modifies registry key
Views/modifies file attributes
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-24 19:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-24 19:35
Reported
2024-03-24 19:43
Platform
win10v2004-20240226-en
Max time kernel
488s
Max time network
494s
Command Line
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
Sets file execution options in registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\CWDIllegalInDllSearch = "4294967295" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\MitigationOptions = "256" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\MitigationOptions = "256" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\DisableExceptionChainValidation = "0" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idat64.exe\DisableExceptionChainValidation = "0" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ida64.exe\CWDIllegalInDllSearch = "4294967295" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD25A8.tmp | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD25CE.tmp | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\akgdoowspmymzqz517 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\IDA Freeware 8.4\til\pc\bcb5win.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\win64unx.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\ida64.int | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc2.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\pc\mssdk.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abi0.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\gnuunx64.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\qwingraph.exe | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abi0.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\qt.conf | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\vcseh.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\plugins\win32_user64.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\themes\_base\theme.css | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\plugins\imageformats\qsvg.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\Qt5Svg.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc64u.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\libdwarf.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\libdwarf.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\vc64_14.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\pc\ntapi64_win7.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\vc32mfce.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\idc\bds.idc | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\themes\dark\icons\expand.png | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\cfg\idagui.cfg | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\pc\vc10.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\ida64.exe | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\vc32mfc.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\macosx64.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\pc\vc6win.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\picture_decoder.exe | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc2d.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\Qt5Gui.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\msmfc64.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\pe.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\vc32rtf.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\plugins\styles\qwindowsvistastyle.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\elf64.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\Uninstall IDA Freeware 8.4.lnk | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\tclA72E.tmp | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\plugins\eh_parse64.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\elf64.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\plugins\iconengines\qsvgicon.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\til\pc\bc31.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\til\pc\w16dos.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\uninstall.exe | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\objc64.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\iclapp64.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\pe64.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\ida.hlp | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\til\pc\bcb5win.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\til\pc\mssdk64_win7.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\plugins\tds64.dll | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\sig\pc\mssdk64.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\til\pc\w32dos.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\idahelp.chm | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\idc\idc.idc | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\bcb5rt.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\cfg\exceptions.cfg | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\cfg\hexrays.cfg | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\themes\darcula\theme.css | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\themes\default\theme.css | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\ids\idsnames | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File created | C:\Program Files\IDA Freeware 8.4\sig\pc\vc64mfc.sig | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| File opened for modification | C:\Program Files\IDA Freeware 8.4\til\macosx64.til | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\shell\open\command\ = "\"C:\\Program Files\\IDA Freeware 8.4\\ida64.exe\" \"%1\"" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.i64\ = "IDApro.Database64" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\DefaultIcon\ = "C:\\Program Files\\IDA Freeware 8.4\\wingraph32.exe,0" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = 00000000ffffffff | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\NodeSlot = "4" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\DefaultIcon | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64 | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems." | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{D674391B-52D9-4E07-834E-67C98610F39D} | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption." | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials." | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinGraph.File\shell\open\command | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDApro.Database64\DefaultIcon\ = "C:\\Program Files\\IDA Freeware 8.4\\ida64.exe,0" | C:\Users\Admin\Downloads\idafree84_windows.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\MRUListEx = 00000000ffffffff | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 1e007180000000000000000000006abe817b2bce7646a29eeb907a5126c50000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{D674391B-52D9-4E07-834E-67C98610F39D}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0 | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer." | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer." | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 = 8c003100000000007858d69c110050524f4752417e310000740009000400efbe874fdb497858d69c2e0000003f0000000000010000000000000000004a0000000000a431e400500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | C:\Windows\explorer.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\IDA Freeware 8.4\ida64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d13046f8,0x7ff9d1304708,0x7ff9d1304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9d13046f8,0x7ff9d1304708,0x7ff9d1304718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17142316116035410806,5192612307888071038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17142316116035410806,5192612307888071038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,18191900203768769283,1302812036968555164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7720 /prefetch:8
C:\Users\Admin\Downloads\idafree84_windows.exe
"C:\Users\Admin\Downloads\idafree84_windows.exe"
C:\Windows\SYSTEM32\netsh.exe
C:\Windows\SYSTEM32\netsh.exe advfirewall firewall show rule "name=\"IDA" Freeware\"
C:\Windows\SYSTEM32\netsh.exe
C:\Windows\SYSTEM32\netsh.exe advfirewall firewall add rule "name=\"IDA" Freeware\" "dir=in" "action=allow" "program=\"C:\Program" Files\IDA Freeware 8.4\ida64.exe\"
C:\Program Files\IDA Freeware 8.4\ida64.exe
"C:\Program Files\IDA Freeware 8.4\ida64.exe"
C:\Users\Admin\Desktop\WannaCry.EXE
"C:\Users\Admin\Desktop\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 111741711309228.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "akgdoowspmymzqz517" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "akgdoowspmymzqz517" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Public\Desktop\@[email protected]"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
Network
| GB | 92.123.128.143:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | hex-rays.com | udp |
| NL | 85.17.15.247:443 | hex-rays.com | tcp |
| NL | 85.17.15.247:443 | hex-rays.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| NL | 85.17.15.247:443 | hex-rays.com | tcp |
| NL | 85.17.15.247:443 | hex-rays.com | tcp |
| NL | 85.17.15.247:443 | hex-rays.com | tcp |
| NL | 85.17.15.247:443 | hex-rays.com | tcp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.206.154:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.36.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| US | 8.8.8.8:53 | 247.15.17.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.36.239.216.in-addr.arpa | udp |
| GB | 88.221.134.122:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | 154.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.134.221.88.in-addr.arpa | udp |
| GB | 88.221.134.115:443 | use.typekit.net | tcp |
| NL | 85.17.15.247:443 | hex-rays.com | tcp |
| US | 216.239.36.181:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 205.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | out7.hex-rays.com | udp |
| NL | 95.211.2.228:443 | out7.hex-rays.com | tcp |
| NL | 95.211.2.228:443 | out7.hex-rays.com | tcp |
| US | 8.8.8.8:53 | 228.2.211.95.in-addr.arpa | udp |
| GB | 88.221.135.105:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 216.239.36.181:443 | analytics.google.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| CH | 46.28.207.141:443 | tcp | |
| US | 128.31.0.39:9101 | tcp | |
| N/A | 127.0.0.1:54902 | tcp | |
| FR | 164.132.77.175:9001 | tcp | |
| CA | 167.114.35.28:9001 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| CH | 46.28.207.19:443 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.207.28.46.in-addr.arpa | udp |
| DE | 131.188.40.189:443 | tcp | |
| US | 66.179.251.201:443 | tcp | |
| US | 8.8.8.8:53 | 201.251.179.66.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | tcp |
Files
| SHA512 | 92daabbe06cf7245d23b114c1cd3bd84615d2eb4b520d491be5043577492596690b33555ba271d5a3654e5768f0d2f0a1e7dad9185c3de42965ed89baf476b33 |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc64extra.sig
| MD5 | 4c4888594b9277a355aea2251a41ef20 |
| SHA1 | 4b001980f73f786fdca90d9f3ebfa6af803f4a45 |
| SHA256 | a87ceaa9f68569c902fd9f535fc7677c27100b1d48cc4fa8b615335879e4c7cc |
| SHA512 | dd932e119447ed4d3261f8ef9b18e6b2a6f63235881df25067fa383c334f9c4bf9efe09ed71d308aaf7ff59486775e5176898e924f759121ae482e68c7bfa659 |
C:\Program Files\IDA Freeware 8.4\sig\pc\pe64.sig
| MD5 | b15e0f165448a172d2914faff4bfe163 |
| SHA1 | dea870863079c54d12f1a7f5fe6ad7078ebebd7d |
| SHA256 | 9cfbf91b2b3ed80665d0637fbf621d4e082fb29e129bb60c2a271d9b21123a4e |
| SHA512 | c24b2aad3e65cee3adbb2d46438f840ceb5e46c7dff2d4560adadcbd788f97ee932cc0c928b248effe99d26809ad259e0aa61941de17a3cc9048607f48df15f3 |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc64seh.sig
| MD5 | d450fa792ec5161fc160fa54736778b3 |
| SHA1 | 47a7f5ab55df1987ec2dcb2824e1e7c5b532ef7e |
| SHA256 | 71ea518f3a5823f1345667168157e6782a70bc1d4d712a1f736cfa5ded89c357 |
| SHA512 | 2623279d23a419c37667ed496e180bcb63189dbe57fbd95ff357a558ad749e7dcf6d1185fd334efbfa78e66db46705cefd89566ac08705b7eefc0f208c15d8da |
C:\Program Files\IDA Freeware 8.4\sig\pc\vcseh.sig
| MD5 | f659ed744a583cebe8a9defb24d7deaa |
| SHA1 | 8b645042c421d4fa354dc2ec53898a309cebf6f7 |
| SHA256 | eb5c3515a7ad72a0436f6df8f45e02fd817a38bfdea783bb5897b85539789688 |
| SHA512 | 8857002ff3a3c3467fd4d6f27ad7d818091432a0950816bef0e6db1c8207c84ee1e71b40a4217e0d0cf63c855a27d70bcdf5548801a2e93552a6ad2d0f3a9505 |
C:\Program Files\IDA Freeware 8.4\themes\dark\theme.css
| MD5 | 2ab203d1d8f513cd42656457eaa3d874 |
| SHA1 | 34c3e380535d3fc51a2301da6bb88a30660b3e2b |
| SHA256 | c841c3475a471ae608669b8dd2ad0bc0cbe27fa7038775b82e51efdc5d0fe195 |
| SHA512 | e15990b3ef9a4c53e4e5753682336499eda0dd581ebe0145423446110f124992a4326bfc6f042cf65564765a30abc21e018e98442c73912b27af1cd78918322a |
C:\Program Files\IDA Freeware 8.4\themes\dark\icons\expand.png
| MD5 | 88d318482b3de1a8ada927e659956549 |
| SHA1 | 379322d9c42b9b9e1a3aee41b92122db8642901d |
| SHA256 | 98f79ce976eb484581ca168fa01679a40cdfc513f19479e6aaad9b078fc1d456 |
| SHA512 | cd224d454f58b33feee4e04a3156e61c75d42e670de6dbf015028045edb1f30029e2b44709e8459e3dd5934966bc83488940cb42b08becb23881107d63358526 |
C:\Program Files\IDA Freeware 8.4\themes\default\theme.css
| MD5 | b6cae5b360c999ccc6de5039d4e9f14f |
| SHA1 | 5a4cadddc06b09b785ac95143598671b0a015e33 |
| SHA256 | 57b025b6bd38c0b574988ef04267367428239c782b0d408da8bf787cd01186e2 |
| SHA512 | 88502cfe60e7d564ef68318a310e5c923eef1865737e723cb281cf960bbb999accd1bebb27509fee2c0a6960397df10e46afec1f31a6d8257bc3c4b833c3a5cc |
C:\Program Files\IDA Freeware 8.4\themes\dark\icons\spacer.png
| MD5 | fa8ec07db9e8bd0a335ab244ed005724 |
| SHA1 | 8de58a612454551c1bdb6f126932add3be0f9013 |
| SHA256 | 627a73dec6ba1569b2bbd1ef41ecc3dab437afd470bbafc45609b3fb019f5525 |
| SHA512 | e3c3f932bead75b7f1c4b71d5409a932bb79e0fa537321591d4aa3a9667ffdfc194bc0bdb6d1261f676678fee7f3acf110847316c30848f5cd9c87e9ac51b230 |
C:\Program Files\IDA Freeware 8.4\themes\darcula\theme.css
| MD5 | 18b5d9118dbde48b5a74d15415f53451 |
| SHA1 | 162f114427288069f893e223505d9d4a1f4ed6df |
| SHA256 | 4e6b181cfc27a98ea6b829a84869579b6d44dc94ce2975bf5cfe58cbbb06e070 |
| SHA512 | 6982daddaf6aa849d8918c10bb2dbc26a046b0d187b42a51759214619c6a77044374d31920d8a817328426ffc1939e4d659cb8d1410f1991d96c31f45764dec5 |
C:\Program Files\IDA Freeware 8.4\license.txt
| MD5 | df5e2be4386b169b08d1ac3389b2b5e0 |
| SHA1 | f7e14267007726cbc57f681ed862ea5a586c417f |
| SHA256 | dbdcefa857b851eca2ad05ad6f7f871ecaabd35c7af98ed052307f0ddeb87e6a |
| SHA512 | 37d8463ce6cd19e91f02f7d9ab3c1f3b9ecad428117b0330d3b88aa9a6aff67b260d76f9bd5e64202816baf0d5650b2ff32712addbecdaee8b476dc20f92ab3d |
C:\Program Files\IDA Freeware 8.4\ids\idsnames
| MD5 | 1bdd9d9a7191da1296c61a00c769b590 |
| SHA1 | 77b524b1f31e8593a9674d4029acb246d277daf2 |
| SHA256 | 46d70cdaa37b223d3183e5f0084201085fb68a3e0c4a4e2995f54bdfb7a338cd |
| SHA512 | 7cd79348147e82b499e19fc32c1614db20b41931573c7730a4af9c1b7bef12fdfe0377558a2f623e6b844d9d4993567d556ae1fe53f9fba963dd4af3231a376f |
C:\Program Files\IDA Freeware 8.4\til\pc\bc31.til
| MD5 | daf82a4c4a93f0714bddb6512cfc11b1 |
| SHA1 | 9aca16b26768ffda924b137d073366ac8e0de71e |
| SHA256 | abd2d82ac9c253f67465d6f82bf16bc7146357cc2c0532d90b8fdb0a0a0afdfa |
| SHA512 | 941912b205561f048a1f4e44cb0cd166a55b9efbc9461da5e14646abe220ebeb665ae5403a4e3ecbc47c4fc58708b98a6d6b92311ff8b49d6fcf18accd18ddda |
C:\Program Files\IDA Freeware 8.4\til\pc\gnulnx_x64.til
| MD5 | 36ead1da435276ca39c17a95ee6e9089 |
| SHA1 | 85d87870d2a57a58527bf29d062e15a833617f8f |
| SHA256 | 731d8faf79ab3875338d7d9d03f8fc583f89fdaf92f5c484ba79e902cfc2b0f2 |
| SHA512 | bac31ddab91cbb500553b878cfa2c87090758dc4539a6c0af77aa3d79554824151be6e4e6ca8dd0ff3a5cd2bd860a5207d74acba899bd05facba0eb00ed07ba0 |
C:\Program Files\IDA Freeware 8.4\til\pc\gnulnx_x86.til
| MD5 | a032c62c57acec17547b4fda7950cacd |
| SHA1 | 35b3c06a1b53dedd27e6279fb0b83bf944fe1c7f |
| SHA256 | d2e2a613f9317b498d591cf9c7f4f634f8bef14a21a5870fc75c4545831074c2 |
| SHA512 | 83e71a52e8ecd1459b4fbaaea777f6ccd1ba90c8a1fb0fab5189e5181bef781200c1f8a5d9dd1d76a7ce81a7f5eb5cd75f0d9c3c3beaf61b66b63bea9ec1daa3 |
C:\Program Files\IDA Freeware 8.4\til\pc\w16dos.til
| MD5 | ad17b4450c74ecd0dffe3cc5c956609e |
| SHA1 | 13145357126049648a474afcdb9db8729587ed21 |
| SHA256 | 66c0aaebd27a21c93ba89a98a92ce570605ff6a7a1706a76ca5f105c0f0b85f5 |
| SHA512 | ffb2f71cbaf4e12c3c4b17bda6cac0caf188b9ea394e0dc04b6aa918b2cc612fa7f750f484c3e816747a7dadf50c5b7093e79ea9f474497dd053e6e845a29780 |
C:\Program Files\IDA Freeware 8.4\til\pc\w32dos.til
| MD5 | c670af6b1aa85ec91d2f3ad00dc5769a |
| SHA1 | be01e6c68c59103a99584f65967e38574fa36f35 |
| SHA256 | 6fd1573de926ad737231341e805bee87a8c4692be10612b9460266d60b9da213 |
| SHA512 | 6f977991e75eb84dfc5670329d664b3f3235a32868ac87e2f5b41c0887d4c5e9ccf363c674ac502ad9d52b6c054916bdb773120a5babc4fe40a6f3c3e6bff445 |
C:\Program Files\IDA Freeware 8.4\clp64.dll
| MD5 | 65807fa497110d0659bf52df1a138036 |
| SHA1 | 4508a7e1621259550dad6a4f99b72844d54fad80 |
| SHA256 | 5c5149827d567ad41597921ce6d9ba4bf4b89abd04af1529094ff74c68f7bbc1 |
| SHA512 | ba3de631b3e780a0a9ff73701f1cf2a52c4a024fa0f68a2871ba56b38025d56dc14c2cd18ff760c48f4f8068f390bd5fb850b3608fdd17c580b0b59ec53da311 |
C:\Program Files\IDA Freeware 8.4\ida.hlp
| MD5 | 96f343155005fd34df1a881168f810b0 |
| SHA1 | 3127bdf37da091580d65e083e1d36da2d9a1212f |
| SHA256 | b8619a56b2684440b2ee6743c6536da04a7ad84199d2f898d41a009d9d76cef1 |
| SHA512 | 1b7c71e9511856a6c98eb9a02fdff8361f20f440b9b61fdc8a50bc6bb524e3ef27cc3d76b68ce5b5555b14c6537c777bcb4e00ebe950d1fbe5f5822f963230a5 |
C:\Program Files\IDA Freeware 8.4\ida64.dll
| MD5 | 3dbb5e8e495640fc1806d030efbc40bb |
| SHA1 | 70b5df3a6ba6ea7107ccb22da6c9f12fefa45e56 |
| SHA256 | 56ec1c00d29b4ccc93e26b8ccc1e24a267fcb75d3d684fc94cd50c691ed178b1 |
| SHA512 | 805d698b644db24e1238e27daa20a2a6f593adb11bf26fa9d722a9a307e832b44677a3461691ad10eca09023fba47e6a6465031c7dad2767d420a1f9ee3e65cd |
C:\Program Files\IDA Freeware 8.4\ida64.exe
| MD5 | 952de315a3b1a8d730290a12a20f3e15 |
| SHA1 | 8e648db75da7574bbe908608e3c36ca10000aa3f |
| SHA256 | f097c381fd0ab539dea496c8874b275731737b289fcd1b3142c8ef89d5355cdd |
| SHA512 | d92428bb9965f77a94c266dd4a1dd4d114d3f4cab97749416779ef844315e04d558d9d0c2e41ef369e597e31912833b108ab904ed49387f60654f936cefb927d |
C:\Program Files\IDA Freeware 8.4\libdwarf.dll
| MD5 | c52f1c57c12424bf36b9a5922653d92f |
| SHA1 | 90b6ff23cf50ea271d0e26deb8f32fae0684d00d |
| SHA256 | 50df0a2c54670fc0a803035cb4a2b25d422e58cc725ff7aecc4683459df7a696 |
| SHA512 | 0c7295301d8c155afd23a3d137c62664ceb75e10bb4e2952784f22b02f7cdc79150d8201566d4995b0b4c3eb341a9ff321285011cef703d52877acbac0493013 |
C:\Program Files\IDA Freeware 8.4\idahelp.chm
| MD5 | 73d7ac4c2a8d2235d9091083fb6bedce |
| SHA1 | 4f6e870b6280bd2893c310ad1254c0ea44891221 |
| SHA256 | 3afa977f16f389b2deaf3da6479c1e002742b11887e38421405c313f47088b17 |
| SHA512 | a449e3063cbfbbcec4a8189594691674129a7b4f92e3ce2adead00351ec6d9d1d39a0736b766cd3c7459cb6f26710457c0993867165c005bec97704376c2c8fb |
C:\Program Files\IDA Freeware 8.4\ida64.int
| MD5 | e8dceb9031003f600305d15f05745897 |
| SHA1 | 61cc634fa24beee3b1edc191e2300f843b24f6b2 |
| SHA256 | 2fcebd5b2cedb7cb41f96280df1d087c5c74ed1382d37ba0f62e2cd9ec8e84db |
| SHA512 | 1b8f9bc0f64db8110f00c03a19e08230e96e74d4555dd900731dda5cce9e24fc7313b9037c675f92e95d75277cf905a1c7d322edb7d5a83dcf5618ac72933448 |
C:\Program Files\IDA Freeware 8.4\Qt5Core.dll
| MD5 | af65b981ef1a3223ea6406b3231525aa |
| SHA1 | 1f468eb743b2b461155cfd956d3de332920daa6f |
| SHA256 | d9e3a0b5e5a2cd294dfd68c7c1953659626a7ece4a5cf302818d0e0617af6c19 |
| SHA512 | 9b64290d0070a162fbf43c000693ac1928d7cae543ac42753f640ff840ad9c9cd872afbaaec953a8794b383de7483fb35489c86ae6980a4d188dc3d25dfb645f |
C:\Program Files\IDA Freeware 8.4\Qt5Gui.dll
| MD5 | d4a3c4aa316fa3bb06dbe0418398a130 |
| SHA1 | ebe88a4af0d23d1b8c0d9a0b27069404d9d98781 |
| SHA256 | 02ea8df01224763e7cb71ec50801cf8dddf40b25eb7d52552e71adf7d6ceb529 |
| SHA512 | a28441dd1abeae970e2beb74b9b363d274eaffd630ddd1573574c47f5d5b317d870d6efd02a2313e4a1c1c7c8eaee0cbb036e2587a1929391fc1935efe7c0992 |
C:\Program Files\IDA Freeware 8.4\Qt5Svg.dll
| MD5 | e32684e01838b69a94136384ec408e0d |
| SHA1 | 5245c0fe994ef7a8c34fc9ddaa6464b7aee1e8bc |
| SHA256 | 67d8dba0e845a3b331ef50d2d83c210a0f8ad3399e55b2b1b61e7b0fa2d28dae |
| SHA512 | 058a90b407a8d15344b45d1560ed69b7baa468bb42944b0a9cfbbd09f89b57c14cd619f47b32a2c00197470425424b202711dbc2745866a644aba2bf40d051c0 |
C:\Program Files\IDA Freeware 8.4\Qt5PrintSupport.dll
| MD5 | 0071c8b417763bcd06b05a68be8f0cc7 |
| SHA1 | 3dadbbf5be4799d2ad83bdd3d556178300953216 |
| SHA256 | 72527a335ce5c52d687b27201a56b5136e1b65fe8101000e3a8dd01c7a9ba077 |
| SHA512 | d420005f0807adb69d4582f01e5902181fe4ee61fbab1f10ba300f1f489ea820b6347549c413b064bb3143a74b89f49d3249c2b7a644faa12479b60387d7806c |
C:\Program Files\IDA Freeware 8.4\Qt5Widgets.dll
| MD5 | b6643ebdec3cd874331c8781de2cc731 |
| SHA1 | 625e49a4b074d8a8548f12be9407f5298fa61e75 |
| SHA256 | 161bfb0f15b663b48f75b91d93d8bc1f6292c7b71ee3bf43426891d43af22f38 |
| SHA512 | 60e90a9b2a23ae113d75b2001c4cb641b401e37853af37057e2133fd5d89a65a286864f7a24054d0ecbb83009ae7b82c03da1ab336bea1f97acf04ae4414108c |
C:\Program Files\IDA Freeware 8.4\idc\idc.idc
| MD5 | e0b0b37ae499dc3f390d2ee966c36429 |
| SHA1 | d99b73385dd4d29c01735bcd837fd758e65f910a |
| SHA256 | 61fe5fbb4499ad3b0ab46279cd63e873c00c1d021ecd63ce657f02d53fa8aba8 |
| SHA512 | 5973d9d04c1ce84305e3282ded953697bf644e9cc36e5e90b3057bec616856d00073aa51a32a02ec3cd3a430c0a6af550519b845767eae6d0fab2e907125fe74 |
C:\Program Files\IDA Freeware 8.4\qwingraph.exe
| MD5 | cc2c84f13a8f3597ab0464accc6c4016 |
| SHA1 | d334372315897ae5e0cf4b16bc580b8a0e6d0f4d |
| SHA256 | a7ade5698086c0dc63ce910e8eb324671a5b7182d04827f18781be21b1d6680c |
| SHA512 | 7e29ccde3be1312d6cd44f71d06264700e9e231b7ed7b293671cc3b1e231f78e6a30d03b8f7ce423cdeffd7987f478dd860a8e0a90a480b0ca470a9982590f08 |
C:\Program Files\IDA Freeware 8.4\ids\win7.zip
| MD5 | 217af687cf399699e9e3a46c681513f6 |
| SHA1 | 50bd304b07afe02f4735c1128c65175bec576ef0 |
| SHA256 | 7ab3868b91c6d71db3905db13f1f8a93f85af14ef33ecace2fec989e39c6ad51 |
| SHA512 | 72c5f9a00026c106eddfcd7b0b63961e1a99b301406f2d435ac42aa3c74b50e45ccfba1691dba6d2c5aa655c29b2a061a081f253e0bc36ad7d7c9260a37697e5 |
C:\Program Files\IDA Freeware 8.4\plugins\pdb64.dll
| MD5 | 946f0445efa866f983d125da119e3886 |
| SHA1 | d00939afcd163e3b9e3cbd3c0fb529d3f00dda52 |
| SHA256 | 8f5b6d32db06a7fe95befa475daff764354f4f35006497206e1f47c5ab472103 |
| SHA512 | 22a2febbd94a0aecc08e0f224ec10b07bea629a893471246d7da1a62da6377fedb0963df1997426d17fbc900f92066a97543d0732009ef17878ad0d68657d936 |
C:\Program Files\IDA Freeware 8.4\plugins\hexx64.dll
| MD5 | 7d32d27e23558f7e9190e220a6b10787 |
| SHA1 | c9d9a3d71298d543f3e70fe249cc6bdd25d180f8 |
| SHA256 | ed3be686f259445fbeaa01b43b7690956fb08ce9a28a943abe2c75b69f283a9d |
| SHA512 | 596248c8c099ee191cd9174ff34b394f26c0ce9ef1676ce36803001f6b7f9482e4de9d000e4fd0a56760b35dd3193c4cd3865b1bbfb138a8e7e3e4df9f67e0a7 |
C:\Program Files\IDA Freeware 8.4\plugins\dwarf64.dll
| MD5 | 50909e736f1eda91490c9e76e22b165d |
| SHA1 | f41b9848ef850b9ffb2b6028a514ab8d29ab985a |
| SHA256 | a7db1b614932913029b4446432929538c46e08abaa6865d1e7e745bb0ba87659 |
| SHA512 | 78cf7e255141475d96d8cdf6bf871e4567294434c360e6a4581a1f82b8aafc4d530e12a9327bc6dfbf74b1eba83575fad90ea3dbc88218dbb31cd32a1847f59c |
C:\Program Files\IDA Freeware 8.4\loaders\macho64.dll
| MD5 | ff88b998c4ac722cc37dd562db5f54ca |
| SHA1 | d88a9a13f842c08f3e6f6cd2b991b25bf7d44f23 |
| SHA256 | 8deefacdca596711df448c2a9ec6b5dd3f8e74381e1de7484e4219232437e349 |
| SHA512 | e7e8dc9bf852abcf488d8e48e2d91c13b8cc6a768856d1bdab74701ce42b3d46bf193dcc01fa2de2fbb1276eed991441ba8501a4e2fd098534f5f729f7b442ae |
C:\Program Files\IDA Freeware 8.4\loaders\elf64.dll
| MD5 | db65e7735786a9dea756d976ee680f8a |
| SHA1 | 955c0d9d5360ad6382b27b3c871efe688da16657 |
| SHA256 | 1281161a60f180e04a17e63b008db615d533b5322139b964a9944d7d76502d4d |
| SHA512 | 8c7cce31bd955b69895d717ba8354ecd861ddfa38c927733971064845bbcee2ed0c44474d7b1b162a3fb12fd7c723d50ce5af44ec20923836dbd73a648a3c6de |
C:\Program Files\IDA Freeware 8.4\plugins\platforms\qwindows.dll
| MD5 | d806c1f1e1ae1f2a4481d15d57035d19 |
| SHA1 | bd3b915558020550736946de5c06cb635a706a0c |
| SHA256 | 49f621f2e5a8b3907099ec0ecc65f3519a5105b8446d7ac451a0ad7359fb7d22 |
| SHA512 | 8df43f5da8dbf6961b2f592e2a1fb2b5ee279b44129a6f732e932d00e41eb7ffd083e5013a33860a791a769282011d23e86196e0a85a207b46afe2d7ed07a341 |
C:\Program Files\IDA Freeware 8.4\procs\pc64.dll
| MD5 | 9928d89f43c343a5be139367b3f0d534 |
| SHA1 | d780de8892bdb0dfd6c83c7cbbff50b1ac9392b5 |
| SHA256 | 2b88e61d8e5a0b1db0e4a97b5566ee56b8fbdaac095b2714d4540b018963d9ba |
| SHA512 | 2c63e7cf68b54d8ad5fa5b2f65310cef3b4ab189d285acfa4c74abf547c83e9440e38ee1f9d2d8dd4effada3c7b893e7a283b8f119cc620675482696cfa8d220 |
C:\Program Files\IDA Freeware 8.4\sig\pc\bcb5rt.sig
| MD5 | 571b3d43ccc68cf427abf4e1718cb834 |
| SHA1 | 3dbad91dbaa8a09b403da2cc417ba715dd10cb0e |
| SHA256 | 9a88fa04d34f6a91f35870996dccd037edf73f6551dea8a00949aa89d1492856 |
| SHA512 | 82da2706b21a233463d3bfd3cb36345800796af21551616677bb576c1cefcdb798033ffc3ba7776eba41fae27bfd2a3a5fee45985593743ccc53254468e59a73 |
C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abi0.sig
| MD5 | 50ce6d57951f39048999521cd2ed8991 |
| SHA1 | fb3d7ee1a5effba17b6aaa99abfaa46c33594594 |
| SHA256 | bea187d7215bfbc2e78d5dcbcb366711920aed21faa852554768964468ff81f1 |
| SHA512 | 5987c758026e7f0345cf550dacfe75a4313da360698e7e5d903dc14a31a57eee563c3b1719cbebbce31b57c9c2599b6112e215b385e2d972f716914b6d7939ff |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc32mfc.sig
| MD5 | 70a593cf81d143717c21fe75a1869356 |
| SHA1 | 38de1275c5d744e3a0e1a272f06c1b056ef13169 |
| SHA256 | 06a42a2809b5bc79e3b1e24e6fc589685023190845b8a6fa42627ca2c37a7d40 |
| SHA512 | ec488578fd5a219473b3b6290d40e0abdef1bf0d549979f2c865fc3f850f8fc4e063b7b08e3c1cb41f3c2c98a76acaaecfb2d89a53fb387659a95f4de07be8d5 |
C:\Program Files\IDA Freeware 8.4\sig\pc\ms64wdk.sig
| MD5 | 8e929dd786b49de3cbbafcda0f1a1450 |
| SHA1 | 71bf969732c559345be9c6f698cc6d24e7b165d8 |
| SHA256 | 6ea0b621471d3675d22da42206fd897d6c95af693c6a262376e31b53e93e6356 |
| SHA512 | 9c2111a07a50c440b13cbbf6f7bb93784c3d845184b3b416fdc4e423b72df1371e91ebee4a769fa91c9926d70e78d4338fbfd28106f9e41ec01f2c73c6d6c876 |
C:\Program Files\IDA Freeware 8.4\sig\pc\go_std_abiinternal.sig
| MD5 | b65a2e7d62284fee77a7fbcd65b4e841 |
| SHA1 | f3e5d07d7da4c0c24ff601caf161a2f6a04f8df2 |
| SHA256 | c05fa9e1fdbd89904ce633efec933892e94776e825ba7a91459df78bc6bafc5e |
| SHA512 | 1b1dd242816bc79dda7e03ba1bf638f4ac5459c6244403d9f83a0ebe5068cf9f514add9fffc86245cc5639e2b0762af37d7ee2c8aea762fe6a5625d735f4fabc |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc64mfc.sig
| MD5 | 6dfe9afc8e9061040baf0303cf2d3d46 |
| SHA1 | 95e7ee683f486043f288851bd23f7d59700b5838 |
| SHA256 | b49b860347b6800e35a3b7f3252397011635d35ab0e173a68545011900953112 |
| SHA512 | 2cc35c6bbc49c8af5c454d22c99503db383d470e0a4111f1df382326f016450b77d793a7af3ea5d8c06ca674c4d1eaba8bf72ff7240f6e892b07c92e1761706e |
memory/1180-1194-0x0000000000FC0000-0x0000000001293000-memory.dmp
C:\Program Files\IDA Freeware 8.4\til\pc\mssdk.til
| MD5 | 2a76100ee46976a28d19a44564c369c1 |
| SHA1 | 82ee9e4bd9592f11ada181ce5d495d57de263538 |
| SHA256 | 7062cc77ba12737c8a4b549e08b1fcb57ee96d0d7614f7ea2b877979cfd3642c |
| SHA512 | 6a1eb5e4d0a9a9a7713e8172f14bdad161b04b4f6abbbc79aef3b43e975640094b87fc05ae3996f0bb5689598b51a7978b6d881259c40fefd9953891ca3e2f29 |
C:\Program Files\IDA Freeware 8.4\til\pc\mssdk64_win7.til
| MD5 | 6b4e2556ce8af514fbeacc75017b6721 |
| SHA1 | 5ded8e86357cea4146f82e82c638a2d7d75fb535 |
| SHA256 | 1ca166e142e76da60209871a8554af0565e5fe0e2223435f04136696ed400bd2 |
| SHA512 | b02e7201c079ba058890b14733497b8bbadc9d346122d3f5206c27e8391f644453768bdcd37e802972c8ae45571d4c5e384eb536f69f809e329b8da04adb9cab |
C:\Program Files\IDA Freeware 8.4\til\pc\mssdk_win7.til
| MD5 | 0b82479898006be3e9eae6bebe9a2149 |
| SHA1 | a6ee094f542e27cd59d3d0922d99fff0eacbc565 |
| SHA256 | a336f00140d01367a6bf13840dc046ef6310297d4dc348b08bfa3a29064327f3 |
| SHA512 | f879e80d405b2c3bc3b8437196278bb54ad3b4abffd0a2dd1abd410f8269c5916d688bf0b0f8a7da8f61294cd25f75cdd28e9f2e084be2d96de191010de4ee62 |
C:\Program Files\IDA Freeware 8.4\til\pc\ntddk64.til
| MD5 | e7381ac16348f9f7665797f47c09f2e8 |
| SHA1 | b2d8f5033e2033f390a7fe2c955fb8dcf9e67667 |
| SHA256 | b6cabb8a1fbba7ee66482d56ad515057f22d57dc36476424b442bed90e7d1720 |
| SHA512 | c30c18a9e6eea11f4b5f2088fce01376f7616588f02812f77bd9515d745dede60c76f37553333740a72a7f975086be2beb3ccb09022d4e5e5f2a5763a52a31b5 |
C:\Program Files\IDA Freeware 8.4\til\pc\vc6win.til
| MD5 | 7d0ab6db8ed3a7e543966d210bb8bfc5 |
| SHA1 | e92ae9da4b92673b0711d6deac6fcc9430fbf36a |
| SHA256 | 78784ab42882b3428b66c551e1ead875f6ae26d312cab0c42bbfaa4493098af7 |
| SHA512 | ea149b7929a60f29bff345ab0f47804d4b60abc45d27b26a701bfcd831fae2b8361b988c10b47361bc7d8cbb84f0f28d410f2a4540920e788ce82c29767af0a7 |
C:\Program Files\IDA Freeware 8.4\til\pc\vc8amd64.til
| MD5 | 0e16ad7c1eef051ed2dad7b6e52de39d |
| SHA1 | 869f42ac094b4414c0c77c7759099f6ddc29dd6a |
| SHA256 | 7367b6a4be13bd61039a29af156d7bc4930cce82429fc82e79d878fde91da930 |
| SHA512 | a141d8ef39eae8b9bae42e48a52f4101d3183ea8d1798b614262fbc632d8f205e12d349865eb6f4354635b175f018588a7780a572b4e29f5136093414c45bece |
memory/1180-1357-0x0000000066C00000-0x0000000066C14000-memory.dmp
C:\Program Files\IDA Freeware 8.4\til\pc\vc10_64.til
| MD5 | 1f79963690f5156877f2cb97137ed7d4 |
| SHA1 | 6d68db13b6b517c8cbce2411ba9adf5a2a0b45d2 |
| SHA256 | 45a7262b729f0d72d994f9eac889d0fe8adb3db1d1210919b6a82b7888337910 |
| SHA512 | 43d0f937dfbeb4df2bd8a9bd287d05071a08c72c61b834bc98d755c954b8d124062468ff22318d42a2f7195e8ece56f174a6e11eef629f90743f405e0077c371 |
C:\Program Files\IDA Freeware 8.4\til\pc\ntddk.til
| MD5 | 6f54d44cbfaccdd0dfaa3b0bb1f7bcae |
| SHA1 | 90f527cca7756b1b5f2dd30166bbe96b596c1873 |
| SHA256 | 5579bee913c9431c9f4a01fd8bb97c91df3d68baad1be69e3200e61e880ab63e |
| SHA512 | 6889aa1c1f0b773b1212969727131361cad7b7721b7c640a41725934da9746d13cb64715e8c40f5852ddaa86f83688c0846e010442fedb756288a051ef38a7b0 |
C:\Program Files\IDA Freeware 8.4\til\pc\ntapi64_win7.til
| MD5 | 89a256a3132bfe81f787185e6aad0266 |
| SHA1 | c0782b4583b5219c0451d0653e5275ca9fd5ddfd |
| SHA256 | 0ca660bc68815fdde6d704d134c476345be5140c8ca6563fc1c2aaf351a83d3a |
| SHA512 | e521816f4c678ad1781a0010d2922e34b57d1510f9570fb57740b47a962b21340d42dab32ef643239c18fdc85e31d3f911fcb0d66cb2df5143008382cda93c65 |
C:\Program Files\IDA Freeware 8.4\til\pc\ntapi_win7.til
| MD5 | 8e91154d1e168ee0951e0efc7700aca1 |
| SHA1 | e21a16637e0d31c4c40121beb531930e2ccfb29b |
| SHA256 | c77ba2060c537d048a9b852c611c4bb7b3ea50b905248d0514417e2f0bb82fef |
| SHA512 | abe0f68acd8cce707a56fe9dfdd2623e4bfd0debb53f850c968d34250f617cfd461a6eac5990e14881d01514886cf1081aafb8fd508fb909af055189259c90de |
C:\Program Files\IDA Freeware 8.4\til\pc\bcb5win.til
| MD5 | b6555c2acaeb0cc9181c33221038a37f |
| SHA1 | 225158997869ade3d1bd72def0617ae6739c50a6 |
| SHA256 | e0e5d36346d2e31f9cf19681a6fee41fe7953898fc2055264dcb74d6f0887eb7 |
| SHA512 | 17f98b1e4988d11e8f4a3fe1e2295b0cc0132e23202ac85c4bede526e63b57affec3f2a63f5b40ecf85fd9cf78979ec5a887cb3e6cb1671c930f3e35d2226063 |
C:\Program Files\IDA Freeware 8.4\til\macosx64.til
| MD5 | e1d68f757af176cd69a3fd1fd6808baf |
| SHA1 | 541d224f35e01ba372dfe0ada68e3610091e92c3 |
| SHA256 | a301d8bf8406857f5a6406e3738ba36367d1c720b7beeb87786dedf5ef602596 |
| SHA512 | aceb7f72c5a015a887d19bad7d27df35f7222ffcf2eec564d6ed7fa215246854a9f026d69bcbb46f38831b7e05f95203a091e0dabea09b0a283e2027c540eaea |
C:\Program Files\IDA Freeware 8.4\til\gnuunx64.til
| MD5 | f11e6d89664e9e95c1e8117e092c415e |
| SHA1 | 0b4c89cd427fe166855b5b893cc44ac7abb1fd6e |
| SHA256 | b01bfd7226efc80ef711ad57137f89a8a7adc4ff14acea9709c5aaaf9bb6a7bf |
| SHA512 | f06ba3510135ab1f51b40f3155fd50c5e087d44c397664b6268dfd7bbae4fea15d347e89d80e4cff81fdd4e55c991352c9b572b8ccc40f16eb18e1a9f88b362b |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc64_14.sig
| MD5 | bcf87bad343481765668a5c18ad26851 |
| SHA1 | 8d1e1a1d2949873d8b00214f6693ea83fc856017 |
| SHA256 | d12ed9165120fea1fa6c7fb7d5000f681ddf72d20d9f5267a68214218b17038b |
| SHA512 | 1a24087bdf2ecb9d0e067ce76f14cb030aa6058935e337d4faf6b1f09b09aafa2b55f5c6121a109bc689c3bc8c4480d487ceb3687ab70b5d34e7c61b300ae2ea |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc64ucrt.sig
| MD5 | 652fe6563451a19a8272cd80170cb83b |
| SHA1 | f2c6eaa8601ed6531d6b41aa03e805bac5c4d683 |
| SHA256 | ea23153132d9d78aa8a5766eaabc027bb9aee8c8f3d8f57e9411229c5c232649 |
| SHA512 | 1e9844c640256fa11c0ebcf07fa75a4a0bf7548e8e1129df12e9d2dbf03a0445c29deaa5248e988ccb3044116d3efa97a443abf691963b62609e4b0bd85d5b8f |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc64rtf.sig
| MD5 | b33f23e6a0d530acb93ddba3ede74cc1 |
| SHA1 | 7ea898b3f26a905b60da9071898d6e1af9c93901 |
| SHA256 | e40da366fec56742d80b606b57a37dac66f70326381a6185bfbda2a162290ddc |
| SHA512 | b86ef3db13c906e4fa78d19560e973198925818b507144530b623da9380bc8eada79a3c9b97d941ee66f6fc6771b14de330430f9d3ac5e69447f6b831888f253 |
C:\Program Files\IDA Freeware 8.4\sig\pc\vc32rtf.sig
| MD5 | d809eec564ab0abfc77c421dbefe84ab |
| SHA1 | 8b96b296f82ae8ab238391f947fe1234ad4f2717 |
| SHA256 | af4854783e9805d3ffcdd77527d1f88f11a43df4435d48a23a7452c26d91fe27 |
| SHA512 | 3187c8d61fc7f8ad930aea13d1c7271e9d37a2d1e372087df032e6b30d24ab4363091b335bd0810214b40b5c5b68f9c0c5770641c05547f46b85d09c5d7c1a62 |
memory/1180-1359-0x0000000000FC0000-0x0000000001293000-memory.dmp
C:\Program Files\IDA Freeware 8.4\uninstbr.000
| MD5 | 1103640a2963f0b7b9cb5e2690025558 |
| SHA1 | 324fee43f236679dc66373b3ebbaf353e5882280 |
| SHA256 | 4efad6573c23f222c4317b8b809f96e4dd26689e3be77d0387fb1c6e1fe55470 |
| SHA512 | 5fa2c29b11b51da46f626a9225950caa59d5653dbc7344d6203eb120192c48a55bb33cccfcee34dfdbfce84d57c616cb254031af014cf217a9fcb77c9c2f5393 |
C:\Users\Admin\AppData\Local\Temp\BRL0000049c\BRF9AC.tmp
| MD5 | a6f7a08b0676f0564a51b5c47973e635 |
| SHA1 | d56f5f9e2580b81717317da6582da9d379426d5b |
| SHA256 | 5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c |
| SHA512 | 1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954 |
memory/1180-1433-0x0000000000FC0000-0x0000000001293000-memory.dmp
memory/1180-1435-0x0000000066680000-0x000000006668E000-memory.dmp
memory/1180-1434-0x0000000075580000-0x000000007558E000-memory.dmp
memory/1180-1437-0x0000000067C80000-0x0000000067D0C000-memory.dmp
memory/1180-1436-0x00000000710C0000-0x00000000710DF000-memory.dmp
memory/1180-1438-0x0000000075240000-0x000000007524B000-memory.dmp
memory/1180-1439-0x0000000066C40000-0x0000000066C4B000-memory.dmp
memory/1180-1440-0x0000000066C00000-0x0000000066C14000-memory.dmp
memory/1180-1441-0x0000000067E00000-0x0000000067E1B000-memory.dmp
C:\Program Files\IDA Freeware 8.4\ida64.exe
| MD5 | cbfb49db16ef270f210c6d940cc19f36 |
| SHA1 | d08586d526ee3a006f6053568b2dc3a0464f9182 |
| SHA256 | 78f1856ec1595ea687a102ece7cef166b674e47cda9dafce3d5b23bd1e99eef9 |
| SHA512 | 7568fe9efc4ddd626bd2a2a7776243d66c424b0b91414d3595c1bc999a9466217c22063fe4b715c874e847caf59912525aceefad904f0234236739cd6fe52438 |
C:\Program Files\IDA Freeware 8.4\ida64.exe
| MD5 | aa9e181ed3050218018b66aac4520f61 |
| SHA1 | 0848298bca9c8fdccda72e46bd248b25e8e3185a |
| SHA256 | 39bfe76cc1d10f3e5f07e0e05e15dec96843049af41e73dffbb6b4ddc2940c27 |
| SHA512 | 36eeb86b52c56ce8f6171b54925b7403c683e7687dec2c80e599ccdcb3478fd6f3ac7a810064ee409634c45d00291c4d27892fa59c6be139ecefc30ccd38a686 |
C:\Program Files\IDA Freeware 8.4\Qt5Gui.dll
| MD5 | ca5c94d52bffc3abe768e788a72e9314 |
| SHA1 | 423bbbde2ca477f2a9c22d100af048556b55e486 |
| SHA256 | 445c39af2a647b4318d8a796d73d774b787d28131043b5cbfc58c09e56e0ce6d |
| SHA512 | f14d1742eb4ff21cd1f3b4e809590f7d668892a76a12ed03868106aa4366127eab45e84e65bb0f33dd32373e2dc74b8878ae3bd2b67131b303dfa7980bca0500 |
memory/3792-1452-0x00007FF6E4C90000-0x00007FF6E5100000-memory.dmp
C:\Program Files\IDA Freeware 8.4\Qt5Gui.dll
| MD5 | 94caca3a996b51f0cafbe0083d8c0a4a |
| SHA1 | 43452678f6f0abc02816ab16961c55b199710768 |
| SHA256 | 31c79a8ebbfcd5c20ec19ede957fd2e7285acb977afef84b6d42de0cf78a6ae8 |
| SHA512 | fc92d069c158eb9984138540e1be5d0fa84c105109301ad11858e9e1e144b7b5ad3cf7912f66c04a59b3bb442cc60bf6c4f9dea0ee67ab93aff7077ed5620f8f |
C:\Program Files\IDA Freeware 8.4\Qt5Widgets.dll
| MD5 | 6f3c7a55ca7e5024fd49799d0740f118 |
| SHA1 | 3c050684c12319880d7c195c29b5e675ac61514c |
| SHA256 | 4e80b5b60f8b8543c6cd1f3769030c1a365016c40f78e9311defe562f135f275 |
| SHA512 | 68ee0d599c2f51edf0918db9851c0fda63fd252cc737297f1d82a9ef32d675b21b6696d3330ac962dcf48ecd040bb2296c4427fab7b4b19f72e99ee16dcc006a |
C:\Program Files\IDA Freeware 8.4\Qt5Widgets.dll
| MD5 | e6873b3413da20e47b7b82c7bb205024 |
| SHA1 | 1d4184635cbd44f19b3104461ea6372a3e9eed23 |
| SHA256 | a67564b5247ca3a0b178145b24b5b7bf23f0bb5ce62aa5904dc3b5ac4f7b990b |
| SHA512 | 3b907bcf600106f227bdc7aa1dcdae0b5fd9f56b13446e9b87ed2c3c721cccb29d6c643744854f172c85fe84b398e955de3c92df2449196075f09589e0c1d4f6 |
memory/3792-1453-0x00007FF9BDD50000-0x00007FF9BE2A8000-memory.dmp
memory/3792-1454-0x00007FF6E4C90000-0x00007FF6E5100000-memory.dmp
memory/3792-1455-0x000001F6C20F0000-0x000001F6C2100000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7202f1758f550ab75e25f1fbddb7f494 |
| SHA1 | 73134d1f8e2bd8ec7200cf1e89421c6f428b577b |
| SHA256 | dd5c6b10d6f2f0ba38f1b48d4a994db2691889479e0bcfd514d397ccaa6cd5f7 |
| SHA512 | 9e8e6e563423e699321a9c3e5ea225edba0db206ee7beff37350d1688c7b8942502c3922dd1c3e42ff4cb22d14fc42d47b94314083b060166e2eafa2aa2bef73 |
memory/3792-1487-0x000001F6C20F0000-0x000001F6C2100000-memory.dmp
C:\Users\Admin\Downloads\WannaCry.EXE.id0
| MD5 | 586cb6bf13ad05c7667e71b626fc7b68 |
| SHA1 | 7e153c34285f3f2da429180d63d4e52cde924d2d |
| SHA256 | 590c47de8260264861741e7d1d459c0ebd43fb23c9a2328c40f701d29aeedf5e |
| SHA512 | 5b66909f5ba2757ccb7dbf96702e697acfd0fca2ba5a2df576fe350325f313d8aa5d967861d4e4af52c5877329b665243ee680a285f5eda33d685578f6e5bd7b |
C:\Users\Admin\Desktop\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/3420-1553-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Desktop\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 1c980549a1684d50494e3813965efc63 |
| SHA1 | 6282a474ae8672967fc3d271fa7fc6c33659a78e |
| SHA256 | 3fa6dd3cf4033fd155300b5e5017239f105103fc0afe74e45c4b9162c04b316e |
| SHA512 | 97241ebe20372d0506000db6d8f4d1ee1a560f4dd143d03d499065525422387aba10527946050bf1c759132a745936b898cbdd29730e61c0c0c5f4ab72722910 |
memory/5892-2884-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2885-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2886-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2890-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2891-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2892-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2893-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2895-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2894-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
memory/5892-2896-0x0000020A757D0000-0x0000020A757D1000-memory.dmp
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Desktop\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/2364-2953-0x00000000741F0000-0x0000000074272000-memory.dmp
memory/2364-2956-0x0000000073E80000-0x000000007409C000-memory.dmp
memory/2364-2958-0x00000000002D0000-0x00000000005CE000-memory.dmp
memory/2364-2959-0x0000000074160000-0x00000000741E2000-memory.dmp
memory/2364-2972-0x0000000074130000-0x0000000074152000-memory.dmp
memory/2364-3006-0x00000000741F0000-0x0000000074272000-memory.dmp
memory/2364-3007-0x0000000073E80000-0x000000007409C000-memory.dmp
memory/2364-3008-0x00000000002D0000-0x00000000005CE000-memory.dmp
memory/2364-3009-0x0000000074160000-0x00000000741E2000-memory.dmp