Malware Analysis Report

2024-09-22 12:38

Sample ID: 240418-rynw1sfg99
Target: gorilla-tag-monke
SHA256: 1f55ed37f443441f832854493f3b658cd955e0abcc855e45bc950c80224c3b67
Tags: troldesh wannacry aspackv2 persistence ransomware spyware stealer trojan upx worm
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 1f55ed37f443441f832854493f3b658cd955e0abcc855e45bc950c80224c3b67

Threat Level: Known bad

The file gorilla-tag-monke was found to be: Known bad.

Malicious Activity Summary

troldesh wannacry aspackv2 persistence ransomware spyware stealer trojan upx worm

Troldesh, Shade, Encoder.858

Wannacry

Deletes shadow copies

Downloads MZ/PE file

Drops startup file

UPX packed file

Executes dropped EXE

ASPack v2.12-2.42

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Sets desktop wallpaper using registry

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Modifies registry class

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-04-18 14:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-18 14:36
Reported: 2024-04-18 14:42
Platform: win10v2004-20240412-en
Max time kernel: 376s
Max time network: 299s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\gorilla-tag-monke.html

Signatures

Troldesh, Shade, Encoder.858

ransomware trojan troldesh

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware

Downloads MZ/PE file

ASPack v2.12-2.42

aspackv2
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops startup file

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD51EA.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5210.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Kills process with taskkill

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{0605186C-C27A-4AE1-8815-A2FBB7371599} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{375A6630-F49E-400B-8BDA-FA2A33E01C95} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{82C85581-A14E-4169-87FE-D23DF779FD7F} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 508493.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 767409.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 346348.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 686490.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4184 wrote to memory of 1784 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 1784 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 2800 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4184 wrote to memory of 4816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\gorilla-tag-monke.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa6eff46f8,0x7ffa6eff4708,0x7ffa6eff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,3575286262104745068,964034606271252618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa6eff46f8,0x7ffa6eff4708,0x7ffa6eff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6408 /prefetch:8

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 222861713451104.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6eff46f8,0x7ffa6eff4708,0x7ffa6eff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6eff46f8,0x7ffa6eff4708,0x7ffa6eff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa6eff46f8,0x7ffa6eff4708,0x7ffa6eff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6eff46f8,0x7ffa6eff4708,0x7ffa6eff4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4300 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6024 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,15306624771277307207,11470807869281754684,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6716 /prefetch:8

C:\Users\Admin\Desktop\Popup.exe

"C:\Users\Admin\Desktop\Popup.exe"

C:\Users\Admin\Desktop\Melting.exe

"C:\Users\Admin\Desktop\Melting.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 227.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 cdn.shopify.com udp
US 8.8.8.8:53 static.klaviyo.com udp
US 151.101.2.133:443 static.klaviyo.com tcp
US 151.101.2.133:443 static.klaviyo.com tcp
US 151.101.2.133:443 static.klaviyo.com tcp
CA 23.227.60.200:443 cdn.shopify.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.171:80 apps.identrust.com tcp
NL 23.63.101.171:80 apps.identrust.com tcp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 200.60.227.23.in-addr.arpa udp
US 8.8.8.8:53 171.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 www.clarity.ms udp
ES 108.157.109.28:443 static.hotjar.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 c.clarity.ms udp
ES 13.224.115.56:443 script.hotjar.com tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 28.109.157.108.in-addr.arpa udp
US 8.8.8.8:53 112.66.84.52.in-addr.arpa udp
US 8.8.8.8:53 56.115.224.13.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 h.clarity.ms udp
US 52.224.31.34:443 h.clarity.ms tcp
US 8.8.8.8:53 34.31.224.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.171:443 th.bing.com tcp
NL 23.62.61.121:443 th.bing.com tcp
NL 23.62.61.121:443 th.bing.com tcp
NL 23.62.61.171:443 th.bing.com tcp
US 8.8.8.8:53 121.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 20.190.160.14:443 login.microsoftonline.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 154.35.32.5:443 tcp
N/A 127.0.0.1:57690 tcp
N/A 127.0.0.1:57694 tcp
N/A 127.0.0.1:57706 tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.17.251.10:443 aefd.nelreports.net tcp
US 2.17.251.10:443 aefd.nelreports.net udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 10.251.17.2.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.155:443 r.bing.com tcp
NL 23.62.61.155:443 r.bing.com tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.129:443 th.bing.com tcp
NL 23.62.61.155:443 r.bing.com udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
DE 131.188.40.189:443 tcp
US 8.8.8.8:53 189.40.188.131.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 137.71.105.51.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:63093 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
NL 23.62.61.72:443 www.bing.com udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.97:443 r.bing.com udp
NL 23.62.61.88:443 r.bing.com udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.61.62.23.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.21:443 collector.github.com tcp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 2.17.251.5:443 aefd.nelreports.net udp
US 8.8.8.8:53 5.251.17.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 864aa9768ef47143c455b31fd314d660
SHA1 09d879e0e77698f28b435ed0e7d8e166e28fafa2
SHA256 3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10
SHA512 75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

\??\pipe\LOCAL\crashpad_4184_TUODHOVVROFMJVJK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e2ece0fcb9f6256efba522462a9a9288
SHA1 ccc599f64d30e15833b45c7e52924d4bd2f54acb
SHA256 0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005
SHA512 ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ad2afc07ae574d6a090a48be0ebd25c
SHA1 05609ddb986026bef4dd578073e7c02dc1dbd3d7
SHA256 07219484629d7c1ed27b81d0e349efdd9a73e22f5499722e950f9d7969cb57b3
SHA512 24d910b8a341e263671446d8b2fb6da705f6b55d5edb98cfc3ce7730d32341339d19032e42063d209c2c19891bd1add136ebc638ae1d28cce2ca774feec9ee35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 60a42f4174335b68a269d19de6ae6c7e
SHA1 0558c17ce36a41741eea724c81ed97d58e94d7a7
SHA256 9e1e0242dbb268048b2fc32fcd1ac7473da093fa566174b250454dfc566025f9
SHA512 bfe261119014bdd666e2293f2f01d85adb75740a4552df80d26b17cb01159945937fa8968de56a4207d9dfbe3cbbf512408194030da0313959a12554c04951a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 85b8abfb87498a117c6325dada2185eb
SHA1 26bdeda45f6bbcd432eb940a96a17049fd87a9fd
SHA256 b4b8067fc2673e2c52ad893a83521eb0ee948ced03fd70f36176b31eef674944
SHA512 38db3301a554b27aec4b6c0302fa777b3f8a32aecdc59b96a9286cc3adbb82f5877ffcecd52933f240340aeade4059e7a2f63edbb0a9d48a1f9f9258d06a93a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1b5caa951c52f86ecb28789d8c28f16d
SHA1 ecf904d5ff541bb35989544f1ed5106c528659d4
SHA256 7ffe5584bad6577de2aa54654748f938111e85e72c0b5a40b100d9fcd864be84
SHA512 bf67a64a6dca009c528ffbef001afec3fe1a6b670d3c4003bf78a68eca4a4052377ce77c336021106f93a6586cf8089e98dbc126a3acb0efc0f8da34c7aa6160

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1bd20d090b641f03335f15ee9fa3cbba
SHA1 fde1f5084ce475397c002a3c42937551d2bd2f43
SHA256 7191404f9421da1ff4d061c84bd1c6b7124e4874ce9c63fd6094199f7fbcbf79
SHA512 210f3689b5753b2baf35b6dfd60504476a98508a56aecc073ab39673da78aec8aadd291ca9f14c7bef7a9f9381e5403ab16f3c600357bb9138e950a8cdda3adc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c13d.TMP

MD5 0ee713a3c666b24c459844ab5ec1b7ff
SHA1 29f47190b8cb639c96302e12ddb15c9d211a9bff
SHA256 bc1ba5ceb19c5f7b1275abf5b36096ffe630c6f94aea96916c1f41242299824c
SHA512 c293a30217ab9d4447f710179c75cccb9b991b3a428550af8a989a06781f31330f00fc5f431db089ccf7744c94f0f4717e5ef033f9d0d9d396e7b591a21b1172

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7f841b08b4e557d243c096465ccb8a17
SHA1 7a035f43b94a6dc6ea9fb7ec7932a7b2d6935b91
SHA256 1c13054dbc6074b1df84ba58a7b2cbf27e9f08bcfb41b969a0f5cb28119419d4
SHA512 682e1460a8d07bcbace188c0852d2ee908b950c84214ec5205607e724ebaa047ee5f508204fd277dcf0366728ffba3e7ad5f317d28780445a0e85e95d49944f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c51f0ca5caa76e29ee7c28682ae7d837
SHA1 784f9894b1f6e208b595ec699c626d0db3ac9a29
SHA256 fe2ce4c6bfa1821ed286ae49784defc12524d74fad14bd13c633221c9f44bbe5
SHA512 eece1f746a6a8de82162171d71c614a15444df41462f09ec61d1efd5e9fdd0703b46b7ab019904115a2308ca6b934ff417cc5b179b08fa395eb99691968edc7c

C:\Users\Admin\Downloads\Unconfirmed 508493.crdownload

MD5 63210f8f1dde6c40a7f3643ccf0ff313
SHA1 57edd72391d710d71bead504d44389d0462ccec9
SHA256 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f
SHA512 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3eabf6b1354a82a9dd21c494a34c1645
SHA1 325ccfe3059c3e87f242a82c5356717141deb352
SHA256 ae7bb012daa79af20662a183745312492ce2bff0a9b703c5625ae0860e0b70b0
SHA512 26307f8df2b4b6aedab14dcdafe2b546255d58ffbc52de4246d6ec4d8a27dff61fe0b85d4beb26b745111e3794a7a2ff297bd7ea2bcfb06e1fc8bc65b7f545c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 910c74abcdf0cc47f552707c19525982
SHA1 016d05b79af1975dbb7696d4ba772906dcf03759
SHA256 5baea707376ae68c495908453050845a6a24ac7840031728d7b95bd5d9d16bfb
SHA512 a1844a00b4dffe20f12a51c4476d99bd04cb82eceb8b51db4d0787893a36cd608cf185bedea90dbc38b356eceb41567e740a67562759675b4a9386f373855881

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 180049723d55afc2e1e4274112795935
SHA1 480d8f5426cc72faf100b8263650ca9799dfdede
SHA256 f1fc15246ffbc428ec7f35a1bfb2e13aefb9e7bad287ebaf726134896a9126d8
SHA512 7c7887fff9fdc958ecf89e428ccad42a0f5c7ecb5b50c86e1671df5d77a1485eaceeefc7d38327f1f899ae5f7e786c93746b6e193a7e6d1ebb1e0a0781c0b69d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb690478e768ca973067448ec73d123e
SHA1 cae825787abd1523d5220cfc0bb91c4e391af212
SHA256 f8137b1490db070fef0a0705f17a2db1f0399042f5c090ce789e98d2fb19289c
SHA512 9db66c4f856705801ced8cc1d8b38f21a5dd48750608817a0bb27d3e85e1b3d3b24d68734285cd620b45a245985f7f6f744cf1614155f79a1a9af35a6df43287

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c361a5fed0c84d16895890f6be62689d
SHA1 2d82c08755566c7c41aff8a5c1023dc2e481fc0b
SHA256 075947cbbc5471336db6e126ba9201e3903b4783189af8af5138ac728c56bc1f
SHA512 ede72b56566a69ddacbf421ac40e8aeff345af08c29ac6fcb179c063b60af7bfa4e21d21ff20d3613e2f92151db48682e16a4765b6e72f1cc6925ce638dc4f5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 25372181091bf6cd0962fb52b6f6b370
SHA1 9f4df64a8dc5cc48798edd8bbc8bdee843db4bf5
SHA256 f70be580f6b50d7a716a0bac2b0f3f847b95cef9f95d822c316aef2cffbd5b3a
SHA512 a43482d5a01ef859d9ca43340a17acf2437e2ce5168c06f2c7bc80ba97eae210cd4bee1953d0d58fdf47dea4bc84d863dd53ecee87c8be0aefb21ec2f0cd5b4d

memory/216-610-0x0000000002390000-0x000000000245E000-memory.dmp

memory/216-611-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-613-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4804-612-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-619-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4804-620-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4804-618-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-617-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4804-625-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-624-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-628-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4804-629-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3592-633-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3592-634-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3592-635-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1d8405c01b37d370a7bf2f19be36c61b
SHA1 3c376dd3c17a44bd005d9bc36390ac4154fe4b6f
SHA256 0edc81d93878a2cfb436b691562605875e21c873e976f3e3121cf6f91258ca74
SHA512 8cb3134185bc07bff94b61f106bb4624f28d88ea50c3d42d96fe2df2b2d740cebbf8d32d0bcdc809a338c9ae834cb2104ebdf101bb293cb6124a8d1d0b93225a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 7d24d100b8bf56dd30d059ed8316c083
SHA1 bbe3d675a57d0b328fde13a80696b8490c1689d6
SHA256 e6960ec80ccef389f752e83c9205f468e4bec9b0b34c08d33ddf703af578abce
SHA512 ce7ca61ee72929bbe1f005786723702d620d8fdd7a5c085c9f6e51136ab8a3a0ea0da02425957837d474a20bafcbc61f62a2b60d6a07eee236146dfdd3427e99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 9695d07a7105f81f74cd007732767982
SHA1 bf112cfb723e73cefdf2e54dadd4094e1b3a8baa
SHA256 1dcc7d4371825686ee2da735b9b5c19c6957f6451f30dd0822e680ebe308cdfc
SHA512 5533784ab042503790d9f68682892acff66801767b7c8251e71f94304f2ed3efb354030681b1ef9cf15b08442554e0b20c5b761b612684dce68b3f8fb70a5444

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 0d10f0b26d22817931ef71a7d3394974
SHA1 3ffa33b6f7a47569a7721f707f257bc199d72d23
SHA256 898044bb053d270c5a474722543cab894c070fedda85fc00a029679e94b1ed31
SHA512 ea018c40941c3cd690e6ebfb635153f6ad24250e035aed1783bdcdcd8329342fb24158f9db12d492f2d42e08b3151da3aa8c11bc26e8b4bb45f15e503a480c10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 49ad43550b3a52026a39d53522cd3395
SHA1 86e485b97d2e3f2ab8a8bc93bafd7aeac701ee4c
SHA256 9830f9b6d4c62488f91391ccf11c0bac78248bdb3bb7cbff12d87f52e55ead86
SHA512 e2c174429785d2529d5c705d51ca64e4bdaf64e037b08efe290e8031e149af82178828c9c67d65ba0ff1e9a7d1f7bf713d8a2d1fc98f8b880916e180b982bb22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 d108cf46288b59f52f6bfcccf19f1262
SHA1 460b311c46e241d8fd4ea60234669a20d53408a5
SHA256 4616aa26e0b2d8f437a20712abe20f151c3c0161afe1e1e8f180780b85308b4d
SHA512 9f3ab9d2bcf1bad7b05efbc6d2efcd7764dcddcff2c804a499e9dc6725f2b49bde775da8ed8ec7c706f9f2bdfb974ad4ad53d4794b1968fee0e6128926f94678

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 233998e6b328be0c46793d7d918a2e86
SHA1 2d36b3b134a4058c15f700bb22b8a6e74fdc487e
SHA256 046389f4f07fc98b3331bb23fa2dbe2d9a2ce4457140b042e26d96e8934b9e0f
SHA512 a7d70d9df9bfd4381e884ba3a822f09fb5e8617959f91c94cf1fd6b04e3f4f2c4e53ad61065858007da195e7311ed47f0024745d407f04936723a64de7ea5c5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 d56689d49423f79fe716189bb242c32a
SHA1 d0f3352fe1a980c7f8d413e0a58688f561f6dabf
SHA256 a9163fd035046330430328fadc480b8e02d7a9adfbf19688979ff0d48d1ff34d
SHA512 8de94d530666f5e69d01e6f218ef86b2e163330b121828f46da667d2c7e366c30d08443789039d8d209b5834fbfb9fe698d11e8cce645070e3c53eecfc5794fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 5964a50dd632fb1666b3918a012cf2a8
SHA1 200580ff4eff7af1b91308e2f2881c486561971c
SHA256 37104d12f3273fe7cc6299e08d3afe7865ee3242da2b7c7b1a5b7bff317d56e3
SHA512 f89a805405a4fb74c8a9f7e4eb7b4977e0ec56d1b9e57a00af420f6b5b6fb9af01537cf96c6d72580ff149cb04db249de850c3c75516ad8b0f80ab09bac93e42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357924595336437

MD5 9e78161aaf01b44ff1d5aa6f4513af28
SHA1 e0e803b812735db5ad6d82ebc7870df917f5f4a5
SHA256 30c63bdb69c1dc3f82d1e48d0cbbc456fb70a8410fa16bb62e9386c666885191
SHA512 a0924f324897622f0bad3390bbbfbb99ad23016f1adb5a622fa4f3d15359e37462e3134c8e2e41cacc04b2bdceb63242f5a8b7ef0845409c5ecc613b4b5e07e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7d31ccc78a52f91feb43e9428849f24e
SHA1 b2274f2dfd3cc72c040ecff58a043a4f29b2c9fa
SHA256 3a568c978c59f5b62fd3ab1f31a7e745b66b8972094cbf44562a5896072971c6
SHA512 c2b075132fa9ea946b5c61a1922d750c69287ba55511590cfe091b17510f010c201dcaee9c0f65bfb283f205bb1abee1ccbef1d1669f5d0bfad8bace9a095a1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 6465fdb2d40df13dd56e4102ed90646c
SHA1 6c3b4786ce727a3a54bdcfb4b6b3515af3d11289
SHA256 55394396d12ca23bb806bc8833176cf269f50ae952b5f5e80babb1646e5a0560
SHA512 96a448454927e95e894e39d2911d1d7499fff34acda15b42c788121c137c2cd350408c2127809d68d42293e1711ae11226699b7fe2b911a021c41590c7fa2e0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 69f9e26b09c5f618d43e4089baf23d34
SHA1 373cdeeed291187ea246cee81b1c10f88ebd7c6f
SHA256 826bb6e27f6af57ca2ae148645501650e4d2138e65f3fef7a4d00dc9727924d8
SHA512 331605a838ff144c1d75e4ed9c05fd78d1b05f69996ab0609bdf3e9b8a35abfa520012deb0e97001cb1dc08b7dbdee753864508d19567e0c58614973fb03fe3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 d001b12f46979a996afc42e795a0fcc0
SHA1 50774552bc873ff17b83cf1f660f40adea70c145
SHA256 c7d15886b85c804e69bd2d4f9ea5cb708ac5cc99e7cbd02e858f123df224e536
SHA512 90ffd47aa43f1ded990c42549c0a122e449cc7bcfa28e1352b3f49c85798ded1b06fa610a12e581b805bf70671fe1d110896261460fcbe7279231fe2a193d526

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 a41f80545deb6750463e638e2a261a5b
SHA1 b7d960e92f46e1647e250e76bb16a33325c41bda
SHA256 3e276454fa04e4201b3fc6feca5aacab49edec513994b834a71602f129bef467
SHA512 29189d8730cc09e1ab63bc6c820a2fa5a54717808d65bdb736492ccd619f6a3c69c03bcb7d89d70ba1d67c00c0919b91ae67e6e3fbbe2224313db5a0c9c2ebe8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 c80aac81c0058e2f6e2a1a3eca8ddd2a
SHA1 ed9e93ebc9a4f0ce1d253e1b43d6fc56498e1704
SHA256 5e1dc64ee579bf7dce29f096253068ec27f5ff4df353baf5dceda9ec707d34e7
SHA512 163ccf8a3d34a6cf6dbd99d949eabd13afa75679471b60a183e3ac8f0b4e5b307549d61006fdce20cc02d68d203b1d24035881d75017c7e22dffe3e09ff73797

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 41a07d56560dc2c0939e463ed06e6d70
SHA1 61c3ded6c976c6a2ee6677235e34fb18722f5b75
SHA256 fd3aa949b3d5c1a931b12a2330cd24a82774bc488606cfe8730cd818514c9c2d
SHA512 c1130e6000a453430a094f88313f6327faed46e8c51cc717b8bb0fd16db20198c0d0e8dab3499dbf5ca8537987764438007f0a757b2a7e2f15ccc76f43a0a01e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 422433613d3d3669ef12c6de50d9d9cd
SHA1 9b3c91e4c1193be8453b96c6575746ee4beb12f1
SHA256 35c71a35adef7a7c46be81aa9a4b5b414abe05cc551a0af4c650353fb92f2a65
SHA512 e70afb3397d547fbcc8a69b25fa299f8e777bdf085a2041d2366f29ddc143d8de40ddc75e0e3261e12d6b150e470a7eb5d6a266ddc99c99b55cdf56b0538c868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 7e8c540752910773c2c34112f0bdd8c2
SHA1 a8a729caa9f2ba659c172ed755eb5d0bff01428a
SHA256 9064aa21e89dec340b2cde1192e0dafa49ceac862ccdf3a3813ddcf50c9333d0
SHA512 aa7cd216e1bab07f3ce2128ff41b154493641372118ea813cc91bb0a367b1904e172dd5acc1d394894152b9954b762bef7ac5fb0e49af0b142553a601cf8c87b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 68fd0a9bc90c3ddb0e85564dca8c7404
SHA1 95a0cbedb1ed7895eb54fb79a21d3195233229ca
SHA256 becf4811a8c43d7a6185def454b24e2d3409b5c97ead70e97e068c16aa3e5cec
SHA512 29555acee73b770f0f72bdb281a2c894b2d19702695d1363580279fd157c5b02741a23cef6269ecea0a54d96b70e7e8635d88f85e3c33e8ffb13c8474d33211b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 f4f24bcbd712b96d5450db4e5dbba9af
SHA1 a369e36e9f9305cf8726f2512f07978b8cfa9939
SHA256 98aaf7ed3ff3d51ab0c22f381e334be81b401c8b3194e9ab0edd13a9a65eb598
SHA512 d5feb789169d62990040e7a4438a3e0b09d445ece82fd2223f62c9c4ed35395b94eee3d64a1d6583e584ca3793b4ec3e4d19213b5afa7751e99f996e4cf29759

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a25aded32464ca9a7a58524519b1db60
SHA1 3bb53da149b00f8a1a8b696c63b046ffdffebd6f
SHA256 5fe0a3a1de4b73e324414a1b2cf741af36ceac39ea895cf94fe88dda6b96757e
SHA512 5632643e871deabf0cf6b6993c8e4e38122b31c7a9c94c174303a19b261340fd469600fa681917cf33cafc62163ae76682c32ca81ea4d6bef0023ac0468d28a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 f4adf25871a88c1ce5b55e13ee938629
SHA1 1306a0ed8ca38790871ffa7e75e733ca8b925091
SHA256 3c842bfb0c6f4b65316be981f7b527146acaaf2c18e690774fab3e081394a253
SHA512 5777e073bf36e80833a41be086d685ee80a3938cba33b19666c3b568cbe7abd0157d0ac1538be3ab01ceb0a3380992d9a0a9e89af488d5da3a607e83020c726f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 6eb0a418b78a2aae650e0f8cce66d0e6
SHA1 a1218de76f9acbc721484321daf07b4f66050cfd
SHA256 4ee7fe436e2248ee66db378d393d62006d9c8ed6e5b5fd1d76c0c665dec5fe6e
SHA512 07b13002e3a9ea07b36eed63c9b48582f0c75522b70851b318c5ac87869c2583f3e4353855e1fb4d3b138fb7fd8052be2b88de9889c3e5b3292063fa0ca02b3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 1b075ed2567978763c8b5e1bca5034c3
SHA1 2c536620242f53a6a61ac12e86a46c098c809a98
SHA256 663e0021ad684033958373ad622c7049483ee2a9f15ff16a70c767d81b8bcf43
SHA512 e5bf293f68d9faac4dcfa02ef832dfec09bc21847906e8dab99c8b70f438a36ace84b7ea256348c0139b31e432b2c38a7be68cda167263d3d9689d18ef6d7f6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 e587f67d71a9eb3397d7f15003fb2b19
SHA1 2115ec0f27b8b0a825497681a6bbc704927950d0
SHA256 1c70d3097594aef5e83e39e32693ee40b6f9f018b79b2e7aef8e108c742f7f4b
SHA512 e57929d75a516b667b7621513158c9a17b9089f5e232bb50e2875555dd4d223db51ae6178c87bceae64a318851b7f091298cb5f641a07d19e9538e96f31d3574

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 765bbf54da0de2c34df8c7031e31dd5c
SHA1 0ebfc23329c6a84cc8419b37bde2d8aa10a22c4b
SHA256 d843fa53226213c23888af9e1acbc304802407e5d67b1d8f980c5be7b5acd78c
SHA512 61c3449addcb339cf90b3a62414d582dfaf70d5769dc612dc0e1455413edb4c32a9862f7fdcc2b72c8af5ee1e4efbddd7d616f46cce5e15fe7b58f9f3aba5aa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 c95b9dbd44022967765cbedd147b6914
SHA1 a21563f270a4d489b8b2fa43e0c0741ddd32a7c5
SHA256 f85cd893e777805b3fcd8a7aa0fc564ebf60c4f54e404ecb9fd9f2b11a18d4f6
SHA512 9181d9808cca1c0424df3a6219bd31d4a42caf9f4529c9edd78767e062b23d8fca891dc66833af13d140100efe7a53017f3848b954dccb5008774efda7389279

memory/3592-689-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-692-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-700-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6af3c7a950726ce36a74e81737c73f54
SHA1 36bf86a9590240df79d5f51122ad3d127f4a0a4a
SHA256 5269e12f6c4fd1f712db6c5db2919758a142118cda048413d7a3d336bbd6ca24
SHA512 3ac7aecf8035bbe77a49363fe6580fe2a9522175202f7fb11ab317bf5fd8b7984cd31bb844c9af4ca00e19a5af571839a9836708a58ce17c1a2c1af25e110e7c

memory/216-864-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d3be7c4745a2d2ba34f649a71af6da23
SHA1 e23fe60612d2f62eca67d3428bcca6632a540e1a
SHA256 df602108636fc486c50d990990e9d4aa7527c764ad79273cc865ecc384708cd2
SHA512 77312baa6ef548d6a188cd5c7f4e067a536d0659d11d1f3ab0d2273584f6a27956692ab99bd9943c1cdd8349234c5386e02c31c32f8b3b3db4a06d3cfcd0d606

memory/216-891-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c62134a0a8a44f9240f6fae0fe4a07de
SHA1 fe8ef6993492791f9189dac7a727b061781dc431
SHA256 0d1f42ded2cc547e472213c5f4708b29f5c691167fba9e94f2501e955d90bd61
SHA512 67f1801476c36a3fce1f4b46d31bdf5584e508dc11162cd4e2f83c6adac21a0e888f897f4e3d6de9a25b5264d043f2eb1dae460e0d0e6b428248153e230f06d9

memory/216-923-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 767409.crdownload

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

memory/2520-956-0x0000000010000000-0x0000000010012000-memory.dmp

C:\Users\Admin\Downloads\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e730b60b2d56fa7f2ea8a80e99c9e5b4
SHA1 b388d84eb75e6d20ccecec411bb0d27e174096e8
SHA256 889a957d4f3034207064a4a445a9a090ce22439df87193e14e370bfa7522d25b
SHA512 e1b0d4ca4d5bd91cccbedf8deab006eba65733c9fe404d4c3d4e0f62d65fc4e29642b095e2500bf462ab64806f33e2dd265078e38ec5d73c6824b567aade8f08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 893725c0825ccd2f04436054003b5ad8
SHA1 e1a4f3c4c00e83f4489247a3ece0c69854c2b2a2
SHA256 8b0f57eadba5637c3678730bb26262c73d832299907279c39b1730182b76c726
SHA512 97809c6730cfc1d9a254e2c9f92cd7a9559afed09504f7f712093babead67f37831c439ff2030c4822876592faa31e3abd3085ff692e4ec4c6532fffb07f2f87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 118d06c90b06f8e84ce20f24a618ebbf
SHA1 7f6eb894fb93c4d9b5b458cabcb6a7d5173b1a94
SHA256 1675504be0ab01b5336eeb92a5b9a239f0f0a42c3106b24c80e43e0947c3e930
SHA512 8b5a96540d5d335700e9af20544f630162e37642eefdd4b24e0a1a6bb7d6787a4ac2b9dbe1b683adf01a21033da04fad426f9d397f693ee81e451b5ce7311933

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba0ad7d2-24c5-4039-89cc-4792bb318707.tmp

MD5 3bc1813a8b8262cef28548a836aa6f29
SHA1 9245068b13bfa68fb42e671b3949de8d7187b494
SHA256 9297fd4ccaa7af488a03e5cc8ffac2bfc5ed8ab2a43b6ee7c5844bf02bd661eb
SHA512 abeeb0dd5e8e3b0808faa0a5bf303e2f81fce0fc811fad97861f7518fd4f9642228f2e0eafbc8bde09606f4e2f204f0b3054c23933802c0d0ca05c269a3d2c54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 c31becbdef601cd66623bdd7da4f95ba
SHA1 c74873895b209be1a7510d6f9c3e9a05d9f8e14a
SHA256 54d267215363dfa1b0f12a0b1cb2928d11110952f30e60fe4481cf62d9bad72c
SHA512 32f60e12e4057d4c281e3a9969c387bfec7d305b6966558b6c0b75e825ff62283ed4dbed577fddc168b6d56cc77da0809787dadd40f7830510076caf51a19c86

C:\Users\Admin\Downloads\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk

MD5 2657c2363fec4b4389fb9c567c2d525b
SHA1 47bd0f5128c4bffd9d57f9b3586ea974e9b517bb
SHA256 806096f197bda437558a95a1b1ceabcdf6c239937f3ca3ceb8eeda7b0eeda27f
SHA512 6c29431d7c6532a2eed217fb5971646421b2f6acd72e4a8de7f769a76d048b1407a00c1ac24997bf0684598c9bec1defe9f57c854516232d2f101e3724324142

memory/216-1259-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-1816-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-2386-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-2388-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-2392-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\t.wry

MD5 5557ee73699322602d9ae8294e64ce10
SHA1 1759643cf8bfd0fb8447fd31c5b616397c27be96
SHA256 a7dd727b4e0707026186fcab24ff922da50368e1a4825350bd9c4828c739a825
SHA512 77740de21603fe5dbb0d9971e18ec438a9df7aaa5cea6bd6ef5410e0ab38a06ce77fbaeb8fc68e0177323e6f21d0cee9410e21b7e77e8d60cc17f7d93fdb3d5e

C:\Users\Admin\Downloads\r.wry

MD5 880e6a619106b3def7e1255f67cb8099
SHA1 8b3a90b2103a92d9facbfb1f64cb0841d97b4de7
SHA256 c9e9dc06f500ae39bfeb4671233cc97bb6dab58d97bb94aba4a2e0e509418d35
SHA512 c35ca30e0131ae4ee3429610ce4914a36b681d2c406f67816f725aa336969c2996347268cb3d19c22abaa4e2740ae86f4210b872610a38b4fa09ee80fcf36243

memory/216-2431-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-2432-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-2433-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\m.wry

MD5 980b08bac152aff3f9b0136b616affa5
SHA1 2a9c9601ea038f790cc29379c79407356a3d25a3
SHA256 402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9
SHA512 100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496

memory/1740-2446-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/1740-2448-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dfcd07c3-fab9-40cf-89a2-a804a65756c3.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 dff816a48c76f455c6dd31289d52ffa3
SHA1 17b79e2a07d7942ab41a97c7c4e345b63e8af8f6
SHA256 7d7911ff08c73bac5f0bd7c46c1a7a87e3bc2f39adcd6676edd6958b00e60bb8
SHA512 d3ba31a283d75877e2005336f298459121db7c27c38f17b91e9c891257aa713f77370c1c46f3691bc4cd1c57c24726f5c87b4dded902c0932443ac1d06c2b5e5

memory/1740-2466-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-2471-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8376397f9cb92d7436112b63c145d01b
SHA1 900454e62d927fe16cf2ec08f5a1c895fc7eed3b
SHA256 175cc9e9208c38704b1f566fb549a8521133951956a7c4ae8a121ad6c3c96644
SHA512 4286facfef2c8fe732e5ecefa0ff87b6f53f8ec84b35298cdf0ccf0362c3041d115cbfa55f626cfb0e56a1077a44cf58c0efbf539572ee9b53815379ec5862e7

memory/216-2511-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1fe61e069f17f12b354e1503e78024dc
SHA1 26244a5a051815689c2637f7a041a3962efe5cc6
SHA256 228cffd0c98547fe71be4d80fd5e57be18b8895f76c62bc45533b2ffd3b0b2bc
SHA512 72f1abcbd84cf6e434b631253a806dcbf0674f135bcad974e54ed6452bd470848e105405fe1c207931dc01e4acc09ac936fec51d2e663f434055109193bb8156

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/216-2547-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/216-2554-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5861ad782b5e5f786372ca894545d219
SHA1 168cf45ed0c9a83d28f3c5ee2c83892d9611e252
SHA256 2d009cc99e02a8561f7ce3207d99ea35451089220e07e2c308c1936dd1d34dc5
SHA512 2bc76cab90af488861325cb4907f1e36ce195138e641659e8697b87e3f2e0836528f1daa8d87855eb77d678654e7b40b42b027cfed0fe3c8405bc8cd8d0b5b01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4b095e88dbbbe42b3f8ec957d47e643a
SHA1 b90034900ac9981181ff920a4560c91a6345787e
SHA256 06ce6f15101cc85d72a6831df63aeded620e2079bb5c57e2d18180aa31deb920
SHA512 e5837a2fa2039b984f40fdd947ea45510ab586c32c3c14fa3c21255cab2b5db2c294a7019003c9b39d0941a1b80fb3e8d7396419fe9420bf7139ab4cda97ddd8

memory/216-2599-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a5075852-d562-4b59-9788-506d7e54e313.tmp

MD5 2ea6e8b41a6123949ca8dba7a27ba196
SHA1 3dac7e8855e69e29d48464048fec70337c4c4cbd
SHA256 70533e3331792c3c4f50b8edc5fb2cf37fc1df33803b4ab31f85451b90a24c68
SHA512 58313571600521784a42e0f840fbd4382fb379696855b9d173345db65e1aa2e5a441726e909068ae969934357011b886d3d684b89acd2f2febd929d212981184

memory/216-2661-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f46f381ba993f2a162e805eefa1d3197
SHA1 949e711b7d0d00ba6dd5b1b2a2eb5c189dc9f11b
SHA256 634b46c4294e100c2721662c3a24a438e61f46014e9d15aee8f71919325a586a
SHA512 9a31e9acfe0250a552e2bde9008d00bad0eb9f5f28a60e611d4ed0ca9de7e51fea28523f912561cc014abbb8e4c78c95be6fafd3fdd6d58f31a65b0aee8aa201

memory/216-2685-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 81cca180ed4045f667a12269a7e29e2b
SHA1 98b6314a0fe60fdf0b56b7705e1aa3368d0d3211
SHA256 b05540a4f5b770ee751c5c62b5e81a41530a9779ba6d470c18ce91d0bd87f6d0
SHA512 8245ea967bf893d7469ebffc9b7083f51f2a8c0c1f2f2bf03a5d4592b2e57facb6d68d930d0a2b59a6b91983137018474c14a4f0fd63efa746cfd9bfb294b565

memory/216-2749-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15af3a014cb4c5d17bc45e235fbd37e5
SHA1 ce7c6fbf2e08685af60422c4085777f02f8163cf
SHA256 2d4d5effddd02041bcfc04396376ca51450cedbac32c7d538c424779e65602dc
SHA512 48cb277f1dc0583853606476323003a1877e73d9cade16454b3f4cc96cbba40137d1ac3d9ef479ebea9325f4bb0d7eeb4d82f8afb2d46c730cdfbae8ce381038

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8ccf7976c26f0c513e804021464b602
SHA1 848a81acf8e9ae6dcf519bc0490d3c1c499708af
SHA256 4d1c4fefcbfac872107173f83f91331a2cb1116b174e6546789c466c214e4a89
SHA512 af437a772d144c6ee734f6ec0d93bf8815fddca40acf10a5d07269eadf5f3893d47f0c3e4cf03d978aaf88305111afefab743a6404ed7ea2a2e5c7a53e4890b2

memory/216-2782-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 346348.crdownload

MD5 9c3e9e30d51489a891513e8a14d931e4
SHA1 4e5a5898389eef8f464dee04a74f3b5c217b7176
SHA256 f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8
SHA512 bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 93f9b9a10546873c60931df014e5337e
SHA1 ef7342f98c78d7792865b312cf0e1b5f93db8b9b
SHA256 864f0fc1db111efe65ec2a346c4a069f55b1fbf608499fdf9013deaf2525a8b3
SHA512 224769fdfe900e5ecfbb1187275baeaff8d9d69a3bcc84690442228fd38b4d1b810b894efa3acf86b3b994c29ffd26ff147e38a91714fe9a398ab1a8555bfee4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c654e86c7a436e9ab31456e0cbf41d49
SHA1 a74f12d4db69edd219bd8e91f5774bea441e8085
SHA256 9550b753b5c7122d5fe751005c246c05c2724ce42a690c32dcea6766fd9440ad
SHA512 5a0314def64057bf4a72360f60a2fc69ab8524555a49bb7934b9fcb1714e5c7bf7c36f47f88134ddc975e97628ae7a72e2b7a0a0dad0a9891219526c57f595a3

C:\Users\Admin\Downloads\Melting.exe

MD5 833619a4c9e8c808f092bf477af62618
SHA1 b4a0efa26f790e991cb17542c8e6aeb5030d1ebf
SHA256 92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76
SHA512 4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 15b89bdbe0d9619fd7b39221120cac11
SHA1 20efe7084726db8d0545914d33287f49442f5c66
SHA256 51f478dfdcdb77e73f326d95fdb13663142939444996d86d686dde0ffde5ae2b
SHA512 ff9694acc318d9954aaae03dcf35be41894a77f4c9ba90427b3d9dfe96cbbd3a90ae25e9b787fed6ad39da094bfcee4b930cbd1ac4b0aaa39e4a271ba8ad2060

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5bcce2.TMP

MD5 ba77b83a03bf319634ccb618893573bc
SHA1 8a352af8190c00f2d13e5a650fb65647e23fef56
SHA256 7bc6e1e76c80f724976282ac1b28eb9d248a90d0e0e67fbeffdbea986c51e449
SHA512 b7d79b102e0585e725e3de6850f3075a8beb2a910d5cbc76ab407461771c38854667efddff06999480c4b1333d163dd33a5bfeaddef743bfd9f35041c1f2c14c

memory/216-2840-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bb2de22a7f4a7db7a3a2e28e83afabfa
SHA1 ee08daa22e4014c2e6272e2a55efdbfa42a452e2
SHA256 ee3a21de5662dfd324322bf509a891c974d112f6d2f6fee205f31c86c36b07fa
SHA512 69cdde6a5654a3d201289cd488104ba694f6c0393274b09b7ed3f7c78292f2214621a9fc972433a0bdc699bc18afc4cc291b86257aa1ca02200b598d989ff6e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a91d61bd7ba5605d99eca6bd04d4260d
SHA1 7278987b5a84721e8db4d1fbf125dc35e4e0e2ec
SHA256 a1f69a085282ad2cde23f9c4221d4352a2abb4d05040ddf7b4c2b1ee13b1c149
SHA512 8bc8e61fe2db0e24f4975ebec6782e5dcc56099ac6b9f371628bf3cf8c2e9573206c88e8db2dc293da367e71e4c0676d7c7e18f7cdc4fe1e6bf13e35cf32b30c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 030b841c799486cd32ba9bb9f08dbf67
SHA1 2b732bb16a8635c7d24430578bad653fff32173a
SHA256 2b545e4b9b322383bddad9c1114b1c1e334f25cbc59ae56d0af3d07dc8d6764c
SHA512 6ac3d017e0a0514907fd8baedd94c29aa6b0337a743c746bfc58b4d956700a8db274d566fa5c76f83c3571721f6be3550e7cb96a7e3b9386e4e1686bc7fda4e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6c5b4205a10deaef12c2568c1d1de0fe
SHA1 f11360544b4784de6a64c9d7e5fee529c97055e9
SHA256 4d5362810493bd4bd5082ca514f961f04050b5d5b5c6e4da9266d43ea4f28b71
SHA512 0d95c987b3c4dc6bf691c80bba6d10c1bbb47e2bfc426e28828625ace46f20479fb2299e239a15ce4cccc31795d2647639d4277dd49b89358c1559d7e966f5f6

memory/3084-2988-0x0000000002120000-0x0000000002121000-memory.dmp