Malware Analysis Report

2024-10-23 19:59

Sample ID 240519-rtzsqabg9x
Target StarStacker.bat
SHA256 f9bb53c79f60d12aff749aac505f9e5fe227e6d4325853ffa8d83f6f02809d6e
Tags
wannacry bootkit defense_evasion discovery execution impact persistence ransomware worm
score
10/10

Analysis Overview

Threat Level: Known bad

The file StarStacker.bat was found to be: Known bad.

Malicious Activity Summary

wannacry bootkit defense_evasion discovery execution impact persistence ransomware worm

Wannacry

Deletes shadow copies

Loads dropped DLL

Drops startup file

Modifies file permissions

Executes dropped EXE

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Sets desktop wallpaper using registry

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies registry key

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-19 14:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 14:29

Reported

2024-05-19 14:37

Platform

win11-20240508-en

Max time kernel

427s

Max time network

441s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\StarStacker.bat"

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD314D.tmp C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3164.tmp C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qldcccqacubfvia654 = "\"C:\\Users\\Admin\\Downloads\\WannaCry-main\\WannaCry-main\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected] N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{1DDA32DA-68A0-459C-872B-ED7FF7BBBF3B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{86B3D5CE-8BA5-46F9-81C8-6C8B87997DC7} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\I_LOVE_YOU-Virus-master.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\WannaCry-main.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2812 wrote to memory of 4028 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\chcp.com
PID 4336 wrote to memory of 3132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4336 wrote to memory of 2476 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4336 wrote to memory of 776 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4336 wrote to memory of 4232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\StarStacker.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb843b3cb8,0x7ffb843b3cc8,0x7ffb843b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4720 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\I_LOVE_YOU-Virus-master\I_LOVE_YOU-Virus-master\Love.bat" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,1244481922995120770,11058007342844432863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1232 /prefetch:8

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 305231716129257.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qldcccqacubfvia654" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qldcccqacubfvia654" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\@[email protected]

"C:\Users\Admin\Desktop\@[email protected]"

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExpandWatch.m1v"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb843b3cb8,0x7ffb843b3cc8,0x7ffb843b3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,6090118210932696232,4870533197560079111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Clean.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Clean.exe"

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe"

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe

"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 23da8c216a7633c78c347cc80603cd99
SHA1 a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA256 03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512 d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e4bf11ed97b6b312e938ca216cf30e
SHA1 ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256 296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512 ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c334efa2789277a51ee33ff41afde8d1
SHA1 6e77c4592a38fd4be7003cd9ae886572c620a735
SHA256 f39e843f3fda77c5f2e44b78e252bd16e47e0ceeeb20db8dd3ecbb820136d46c
SHA512 adb3bb376fa61482e9ecc549729bdefa107959d9f345abf54dd40057c6f1b8c478558cd3bce9befffef9502d0aafb0cdcc2ddfd3dc84bd929e2d02513d080654

\??\pipe\LOCAL\crashpad_4336_FCEDTOXHDBMHOBIC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bdcb558fdc4cac330c98af56e471a823
SHA1 09a2d10a6e2af1f6349d084c15fd2c5588b563cc
SHA256 04f6641db36e16f28117767075c995a88a05fef85fe6c5effc3a776227f3fb04
SHA512 a64be0523deffafec93307a6810dde0dfd3366373150fb0f03e2b25934929e8e5cf4104a328e4977293a95aa77bc61bf78356f4ef4ca4e2d497132e1cfdf0d6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f3e598f48c4a8a9cc2b25c9bcdb20094
SHA1 497f32dabf378838c45d95ea91993f98e69bbd91
SHA256 a0f2e3705870708774f8bebe14f8af5020df853f4c48c31b04259473bbbadfac
SHA512 d0eda2c0e89acd30dafd4a945d93acee064520345393470a5139c3e3c99a865469f508bb5e3187e435de8c72ca213ec20b2a0a26e898f6be85d56b453c8aaa25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 aac57f6f587f163486628b8860aa3637
SHA1 b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA256 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA512 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 395699fc7fc3283d3bade75dbffa446e
SHA1 c9474c5a587fbd3a25c0992f1dfe7946e3b7abba
SHA256 a184c8951b524d5a22d7bca69a0d775523e8c095d158f80ac4415d87d17acd1c
SHA512 70749ca5fc0cc5b9b85d13ecde89ffffbc1af7b36a650be842ff303b0ed0ef49e8d9f3edb91324d42462446b882b2558abff235f42e300226e491432196ba8fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 153d9573f0f824b040ac13793d95e406
SHA1 f8a73c205962012c4fa5b93ccbc77d7b1be3b5d8
SHA256 c70c12b65715e837682baf0eea8ff99a7531d9036b0b5a9d640def85df92d016
SHA512 5e0f64f8d333be4fff5b869952fe18f3189d6af97bfce10aad8acae96153b790108351083f1b80c40d76cebdca35e5d7e0f3371c588a02c74e6ea0055a3d2b20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 62bc1f9d6f3afae94bf13c7cb48b38d8
SHA1 c4d5d6af95d04dc4d65a684d3a160c985bfdd25c
SHA256 b0d5b204f9889329497af2480623edab6c9fe759229e1a9460e9ea25d9bff554
SHA512 f2ff21c297d08f754ad72bca411cde396c08102c387409998c897044115db06c98ae759d7304e657cdc7b9ffe8dad1a728f303f5da7ed7dddfe6dd7663d63358

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0a1f20ddd49ddd8178c229b22eb7af3a
SHA1 a8ad97d1a9525698abd8a4d2d06b694f11afe4b9
SHA256 321673620d48133f94e4cce6a85aad173ff1049944f05a470d60436150b2cadb
SHA512 229a2ae730e34223b0240e39a6f1cc666adffefcf477133f9657c842555e9d4a4519cca0b56d260157ab8e9148e79c6fbd1cac764d656c999cf5ecdef36736cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf27.TMP

MD5 7bf514246f349a66cb159532bffa39b7
SHA1 a9afa3491bca9a49682dbb43475759dd12904410
SHA256 9a99055ee0bc6eb8242c58b0b3f7afa453d69f54de9fc0540a2ebef2fd7323fc
SHA512 9dd332ef70a049d7b19edaf7a9138e786a282fbd59b0a6326f7cfa6f911a379cbe1d69b13bb0ed58be57e62988e1131a9c7e0b5e5a8bd7f7a5ab7680bc776b56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cd2a33fb952ac0450615f31887884639
SHA1 d8e0c482d7e80c7ecfe14943ebde499e0bd5fbd2
SHA256 2c187cafd19a138a442dd444ae2d39f116767e7c09a3787781977c96b22d711b
SHA512 a4062becc98324ae2faa4eb9bdd25396d7a747e0140b0b3f8819e0d9c190d45255656d8523c53b4d37b9264b9c3260c1b2ced9cc0363b3997bdb7d0f907d8128

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a5482b6ba8ec4c9d9bdefc67c36d34af
SHA1 94bcd4157d6e0f965c17fcb313cc5bce8ce7227c
SHA256 9ed62d2d4dab42fd3a9ad244096369498fdab246cc233ad9cf2c8972886bfc19
SHA512 ecbfce1d50d7bd6891ccf98973ad515fbcc6ff47fb7725ffa686485a2d2c9467daa8da4c867d5c2550ad1abacd36751ceec633faa5fc2f4d5b35e43f737d1013

C:\Users\Admin\Downloads\You-are-an-idiot.zip

MD5 4acd75f2bfeb99226a8c9cc721284208
SHA1 4c5fc527d8825952a6f45d4fcbab3bdb074e9713
SHA256 47dca4e070081df4b70053c858a851dbd720845d4ac579eb5e7334a44ffa16c7
SHA512 ba18b878ad12916ae75dd1f5fbee09bbdfef4776d243fa4e9d7b34a113978b529a242c66e868c52cbb0cab4198d0b356e83dc36355f9452e03e7fbd4e0f9f6e0

C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier

MD5 d3792edef62b89e746bc9ffa0aa0a882
SHA1 92e12139bb1320428197734eeda9f2412922539a
SHA256 196d3b5df5e6a0a6bd7b7f368acc169d29c039bd87bf3620c4185ced6c498262
SHA512 35cec2edfe5564712c17dd7da2db55d8d11f3ad385946cf03185cd07e3f29a94a23d2705d4087bd467a389a784939e47e5088d6c3331d3f9b411921533f71abc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0385f250-34be-4b6b-a020-75276eaa9b0e.tmp

MD5 14bbebc7696aa9d84dac30146e0ab57d
SHA1 362a17e990308cba27ac57c27b95f625b82d05cd
SHA256 d94f82bfdecbbceda7111aa2a877be47085f43f3056ae66a324841c877524aeb
SHA512 cd9bf4489703a0d0c09f18c4f675331d4ad25e5561ce799cf64636894848d09345dfa42f685d3930aa4ee87381adf8e749af22e36d904c74f25967e4d9dbec52

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 704a380c1b554bf07294f1e85d73a855
SHA1 295b3fdde8660a67f3b55ed6e4e074d66eb9ea54
SHA256 f03f1d43f185aba6e8c66d786193f183d2fe151145cc3d2fbc9580d16190c18c
SHA512 55eed9fc0d1e235997dacb2823027e1e5fe17da942edd1c845e88c33568409b9e3fd2ceb6c6bb9e7b92b256e4567b9cf3e2a15a85bd8ef0ae46918aafcabf8ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e289450bd99f2d46941362a6cb564c83
SHA1 85f1b0c92ac275ae3b3fdedc02d62e7df2a3266f
SHA256 40dafa0b93c1bbbdb3070c0768bbc710e06a10dc015a1e5eb8d8d9f34de5f048
SHA512 4d3393bf0b4c7426eae409d914fc62e3381a1ad47a812b8543abfa2e8a784b44338009c180b3501fc14ec6472316e22f3f4f822ebbce602ed6933880c8d3167c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e6d0bcbb2b06c22f067ed0ddb7353d5e
SHA1 f8624e0162006d1ba7adc188ba3dc703e61d8570
SHA256 c0f647e54771bef232b97426a5db0b6f430e7be556d8622a000b8edd0478d726
SHA512 bfbcd2e78bde834fb2c5c66f208d5739f892e2b8268be5af884edb8e25b0d357e094cbb0dd47d06fabae16942400f3ac1a8ee56f4ad3d4ab3cd9a816dcd866f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3f0dbb9db3d3b5a234b5b98b381f3268
SHA1 365a0b2de9f531d124dc1399e40bbf6f8659a5f9
SHA256 91deddb934f5206b9adf1c1b2d45ec6da76e1b470bd40bc52794e465f3526494
SHA512 30344ca492a9afa7cbb70d3941f2af396d074350ca54fb9b167d5716baac0a240f4282bb3c072ffe80ec9f3ad24e3bde5fe9d2f2f66be6350613d8410d7252b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d9970f16687833e76480b9ba269f96c
SHA1 4cb29ad1bf71fba77610f23c183918e8accd153e
SHA256 6553f905b9a47f230d8486239df78d90b9897f72245e37376a719cef3d796e25
SHA512 88461bff6c5c73f8f5b26fc3e048aac480175ab2b166d9ca562db13408706efad565a08aabe85af117986939a95f446238019519c5174aab252ad63b12b28152

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 cf989be758e8dab43e0a5bc0798c71e0
SHA1 97537516ffd3621ffdd0219ede2a0771a9d1e01d
SHA256 beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615
SHA512 f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 3cd0f2f60ab620c7be0c2c3dbf2cda97
SHA1 47fad82bfa9a32d578c0c84aed2840c55bd27bfb
SHA256 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b
SHA512 ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 4d6a6ecbd761543a9254cf02ba54b5bd
SHA1 d9d60a7e95ad5bfda1dcc3b9e727f00ef96233f2
SHA256 1dfe7e01ac490cbc4c199ca23ddabdc07621c068168506c0919d533467cf9c63
SHA512 7cae1881672749259f62a971a95def889aed7f96ce37ea411e8d71e3ac3b788e037b50fb1c2a3ccfa4aae595a7361a1531ad3e1c57a1ac82c1a89091e38e00d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 af7d8a647b214da5d44b5fe6579f8479
SHA1 9da565337108d784e256ba49d571e42cb3b0bf15
SHA256 3d076852b1c1ea679db75b1a6eb8dbccfcb6e098e27d9a320fcc7e45055ced33
SHA512 6db60323a3dc10c9db590d7c7b9ea1dce1ee48e07523a71d36e2b3a35824f1b834b4d8e6cfb6f61d17ce0f6bb388ad6ccd2f0d3d117a2bbb737d73be9f177f99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

MD5 0121e29e215f62a5a1310c34cdc51878
SHA1 697e7a11c88049cec059b1cbc10e4759e6648fb9
SHA256 62c5ffe33f0cad3c4aebf3ad876f229ff9d969d9d4fd05cb90b71d14c765e0e7
SHA512 4324aaf21c5f45c9c1905d05682e0194730974ae37301ff786359aea4ad9f2750f9441cfdbead5e502428bf0108072cb0dde60394971e1f482ec2eacbca88d07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 f21b3c1293d566f2d9d0acb93789cc33
SHA1 c9831d750605b22f028ee3d62b09e21296607321
SHA256 502c383c0d67f5fbedee5fb4d69ad72ba3825ee9c65d5b3a2cacceb91cbe7ad5
SHA512 6197d09d22a4e76408cac26946c3f041ee83f0d0b1fc3e3f34f4b7abef63fc170dd4ebc5b3fe584dbdfe1c8cdc6b3545e40c42f1049829b2ce0ad8da3796d9d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

MD5 730e7ad0e50fcd658ac7ab8f1d93eab9
SHA1 f6830bdbecaf86b683e1a99fcad3049bddb94ea3
SHA256 f93a4bb015046ed1ce152f6e61f19610eb60dd0b4e1edc2132869db56fe945ef
SHA512 d7bd3421d4c1272fb8393ad593a523704307ac75bea504417c9f403abc2c11913811468ad244a945dd790e7f4591dd54fe6c4016aad210602e128d751ea450f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

MD5 d176b032d1b9c5a149cef78c6f23d393
SHA1 a01d649aa9447357de2c3e0c53d1c3cbc049abf0
SHA256 7672bfda59e304c5dd9aa9d4970f5c8d3df3d06edc471ffc2a2f2fe8a78ecbd9
SHA512 d6a0d419be1124f93f4c4658ce8ddabf15a16777e93adc6523268b292befb10745cde851b22ca682ba9776a4924899c0c4a40a210fe7555376d4d365d8c8b7d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 56f9f349d3c029b3020123410638c49b
SHA1 1fb03ac5b77ed44fe5cb0a5a21bffa793bd230de
SHA256 c810a629a27f12396aafd53fd1715c6f7be024485b87763988e53b7561e26ab5
SHA512 e3712fc491baf14f4523f92f4930cc37b617811ea4cbd141ab45dd230ae55f0e76b5de243c9c7a83de7a3aee9800c0e63af4402421130a50168cc6999dc868b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

MD5 553b390e49cb94ff7eb7df2d6423d0da
SHA1 55d61e8ba900fe08284c96441e9dc91966dc339f
SHA256 8d94386df55ca2255828588ab488acaef0512c52d5b9ba01a3d75f7bf3bea867
C:\Users\Admin\Downloads\I_LOVE_YOU-Virus-master.zip:Zone.Identifier

C:\Users\Admin\Downloads\WannaCry-main.zip

C:\Users\Admin\Downloads\WannaCry-main.zip:Zone.Identifier

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_finnish.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_japanese.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_korean.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\c.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_italian.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_indonesian.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_greek.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_german.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_french.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_filipino.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_english.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_dutch.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_danish.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_czech.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_croatian.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_chinese (traditional).wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_chinese (simplified).wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_bulgarian.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\b.wnry

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\You-are-an-idiot\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\tor.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\memz-master.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5d8204.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
