Analysis Overview
SHA256
1f55ed37f443441f832854493f3b658cd955e0abcc855e45bc950c80224c3b67
Threat Level: Known bad
The file gorilla-tag-monke was found to be: Known bad.
Malicious Activity Summary
Troldesh, Shade, Encoder.858
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
UPX packed file
Executes dropped EXE
ASPack v2.12-2.42
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Sets desktop wallpaper using registry
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Modifies registry class
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-18 14:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-18 14:36
Reported
2024-04-18 14:42
Platform
win10v2004-20240412-en
Max time kernel
376s
Max time network
299s
Command Line
Signatures
Troldesh, Shade, Encoder.858
Wannacry
Deletes shadow copies
Downloads MZ/PE file
ASPack v2.12-2.42
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD51EA.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5210.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Popup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Melting.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{0605186C-C27A-4AE1-8815-A2FBB7371599} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{375A6630-F49E-400B-8BDA-FA2A33E01C95} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3198953144-1466794930-246379610-1000\{82C85581-A14E-4169-87FE-D23DF779FD7F} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 508493.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 767409.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 346348.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 686490.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\gorilla-tag-monke.html
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa6eff46f8,0x7ffa6eff4708,0x7ffa6eff4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7367982255137360773,3344840506055189892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 222861713451104.bat
C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Desktop\Popup.exe
"C:\Users\Admin\Desktop\Popup.exe"
C:\Users\Admin\Desktop\Melting.exe
"C:\Users\Admin\Desktop\Melting.exe"
Network
Files
C:\Users\Admin\Downloads\u.wry
C:\Users\Admin\Downloads\!Please Read Me!.txt
C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk
C:\Users\Admin\Downloads\t.wry
C:\Users\Admin\Downloads\r.wry
C:\Users\Admin\Downloads\m.wry
| MD5 | 980b08bac152aff3f9b0136b616affa5 |
| SHA1 | 2a9c9601ea038f790cc29379c79407356a3d25a3 |
| SHA256 | 402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9 |
| SHA512 | 100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496 |
memory/1740-2446-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/1740-2448-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dfcd07c3-fab9-40cf-89a2-a804a65756c3.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dff816a48c76f455c6dd31289d52ffa3 |
| SHA1 | 17b79e2a07d7942ab41a97c7c4e345b63e8af8f6 |
| SHA256 | 7d7911ff08c73bac5f0bd7c46c1a7a87e3bc2f39adcd6676edd6958b00e60bb8 |
| SHA512 | d3ba31a283d75877e2005336f298459121db7c27c38f17b91e9c891257aa713f77370c1c46f3691bc4cd1c57c24726f5c87b4dded902c0932443ac1d06c2b5e5 |
memory/1740-2466-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/216-2471-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8376397f9cb92d7436112b63c145d01b |
| SHA1 | 900454e62d927fe16cf2ec08f5a1c895fc7eed3b |
| SHA256 | 175cc9e9208c38704b1f566fb549a8521133951956a7c4ae8a121ad6c3c96644 |
| SHA512 | 4286facfef2c8fe732e5ecefa0ff87b6f53f8ec84b35298cdf0ccf0362c3041d115cbfa55f626cfb0e56a1077a44cf58c0efbf539572ee9b53815379ec5862e7 |
memory/216-2511-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1fe61e069f17f12b354e1503e78024dc |
| SHA1 | 26244a5a051815689c2637f7a041a3962efe5cc6 |
| SHA256 | 228cffd0c98547fe71be4d80fd5e57be18b8895f76c62bc45533b2ffd3b0b2bc |
| SHA512 | 72f1abcbd84cf6e434b631253a806dcbf0674f135bcad974e54ed6452bd470848e105405fe1c207931dc01e4acc09ac936fec51d2e663f434055109193bb8156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
memory/216-2547-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/216-2554-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5861ad782b5e5f786372ca894545d219 |
| SHA1 | 168cf45ed0c9a83d28f3c5ee2c83892d9611e252 |
| SHA256 | 2d009cc99e02a8561f7ce3207d99ea35451089220e07e2c308c1936dd1d34dc5 |
| SHA512 | 2bc76cab90af488861325cb4907f1e36ce195138e641659e8697b87e3f2e0836528f1daa8d87855eb77d678654e7b40b42b027cfed0fe3c8405bc8cd8d0b5b01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b095e88dbbbe42b3f8ec957d47e643a |
| SHA1 | b90034900ac9981181ff920a4560c91a6345787e |
| SHA256 | 06ce6f15101cc85d72a6831df63aeded620e2079bb5c57e2d18180aa31deb920 |
| SHA512 | e5837a2fa2039b984f40fdd947ea45510ab586c32c3c14fa3c21255cab2b5db2c294a7019003c9b39d0941a1b80fb3e8d7396419fe9420bf7139ab4cda97ddd8 |
memory/216-2599-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a5075852-d562-4b59-9788-506d7e54e313.tmp
memory/216-2661-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
memory/216-2685-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
memory/216-2749-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
memory/216-2782-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 346348.crdownload
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\Melting.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5bcce2.TMP
memory/216-2840-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
memory/3084-2988-0x0000000002120000-0x0000000002121000-memory.dmp