Analysis Overview
SHA256
77ee38260b9dd87575aff3b3622ff3bd41dec221dcfb49df1c0cdf4e22ce2552
Threat Level: Known bad
The file edge.png was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
Drops startup file
Modifies file permissions
Loads dropped DLL
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Sets desktop wallpaper using registry
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry key
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of WriteProcessMemory
NTFS ADS
Uses Volume Shadow Copy service COM API
Suspicious behavior: RenamesItself
Enumerates system info in registry
Views/modifies file attributes
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-02 23:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 23:49
Reported
2024-06-03 00:07
Platform
win11-20240426-en
Max time kernel
1050s
Max time network
1043s
Signatures
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDAAF3.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDAAFA.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eebpfwqdkzhozd402 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1230210488-3096403634-4129516247-1000\{4EA03D34-36E7-4E30-902C-1473B7524F3A} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1230210488-3096403634-4129516247-1000\{414EFE81-6924-463E-888B-3FFDC866B4E4} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\edge.png
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C4
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Music\AddSwitch.vbs"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 25431717372602.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "eebpfwqdkzhozd402" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "eebpfwqdkzhozd402" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,10535416435730676776,1027871563120041454,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2728 /prefetch:2
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\LimitGroup.vbe"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ffa07b9a59daf025c30d00d26391d66f |
| SHA1 | 382cb374cf0dda03fa67bd55288eeb588b9353da |
| SHA256 | 7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb |
| SHA512 | 25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8e1dd984856ef51f4512d3bf2c7aef54 |
| SHA1 | 81cb28f2153ec7ae0cbf79c04c1a445efedd125f |
| SHA256 | 34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7 |
| SHA512 | d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d |
\??\pipe\LOCAL\crashpad_2968_YCFKXKNGQSJVTZIV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c866f6897e73a926fb361e5b7291c4f |
| SHA1 | 3580c6d480dbe7c7e0ca17369d5f611283351159 |
| SHA256 | e0bdca2641b74573b62daec36ff752dc0b49ca120f10f33c7ee2975c576660a4 |
| SHA512 | 87b317ed743ae6f6855eb5a7c87691d45ae3b850c79ab71412d321bec3d4a20d565e827c6d1e48da57c37330de084569c1c6ec09079767fdba941089b2cf1811 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bc752e575a83e06ee774ea7f9788a8d5 |
| SHA1 | b8f22b922a4e57b42e3579ea58b15a787312f802 |
| SHA256 | 3d5badb44cc9c62d6f255e1206131769f3e2fc3225faed5e070514fa42efbecf |
| SHA512 | bfc131d0dec7928267ea8356c9565bbb34f4b3017cac81914234b16cd742c7cf70154fb1cb5d03df1a0842a45cbe8809aaf9446b412575e82c8494689cb2f5b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c77712dc923a5d4a1968960d70462d7c |
| SHA1 | 6ea842101dd7aabdb02910efff42c5641ea07046 |
| SHA256 | e42bb9e49c57d408466cc265f23d98de36f447962875e5e6b627bf9fc09358f9 |
| SHA512 | f077085715799c68a350efba8cb2bc7b0fcffd7a4c7c50e975843fdcd8b27b0bfbbbc01b8f3939bab034408faa84584c85d14724faba7e71cfa4efa49635108c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb1c15e32eca2dad5e542562cc296d0f |
| SHA1 | 639dcfacf92854e89b8e06e4ab90bf2cc09c63b8 |
| SHA256 | 888ddee1a0e10e24d55961805a835817b330462e75f18cfab3a3992d6bc9b672 |
| SHA512 | 4111aed761e9d6e565723f6fbd13361568c12fe9dd383925eb1d577ace7c236c677e1d638eddf54a6b5740b66eda0ebfbf40eae2b5af26291c3259468df194cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4918238ba993e072bfe485b78d8df743 |
| SHA1 | 44449077cdcc704bea263820c2c9e244c23503ee |
| SHA256 | 955fed81b66ddf020ff8c0da7ea35671023d510b27ede220546b4915a20c0d88 |
| SHA512 | f18fdca36eb55923513fee7c9a7761f03e81c349fe72d2868a0202a1f85b30758d9a8bae506f16c5d633b4f0a98dca6a0241ccd985d88f2a3bc6547dc9c644ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | afcd094bab77406f649a15e37089f5c2 |
| SHA1 | 2f1021f36597fe7af2d8e7f7ccc350df470c5e3c |
| SHA256 | 460bc835b64b6005cf9564b641afad90ddb774e3647c91a80b601f840bf3bdd7 |
| SHA512 | 4f197157d2c59fd840f1d76351c34285a29e3e9436e0bb172a4de400df24264b77b28b56e27fad3e18f1c75c08443519505009229f35ea9b70985cfa36c14087 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3f1f8aac89fef376b0379dfdb51f0f5d |
| SHA1 | 100b5778db6b910bdf9289c64929ee3b826307d5 |
| SHA256 | dd9be07433175e982de60fe7dedd0f3c7625d5a6a00cb43b4ada6eb561d096bd |
| SHA512 | be50381e85f92b2338c3031fb1031f5170dc784f498d6ea8b128650a189b9d5b37cbd22f0a7ecc451957f07ae85fbf0e7ab7381c2d609c6678bcbc4fada1a658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bab47b662205150293ab5f782f59e277 |
| SHA1 | 4bda1c2efd2fa7a8f0aab5b5bfab59f0e71fc93f |
| SHA256 | 1d5450cbd414acf89eb565c7a7d198535b6c4399bc978ccc84606cf563b2b251 |
| SHA512 | 9d8ac55426bb32845c559edc42299c78305e0dc706acce0e247c442b5bbf04ad0b468c394ede8111eff05681e5be76fd7d4552ddc3e5ee315c476bcd50fa6dae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a8a8474f25405a5588f6467888046215 |
| SHA1 | 23171594d3694f66cecac4459f704aea16fbac75 |
| SHA256 | 0f3b9f97515b4e8c6d038fa6672e2b83ca89ba94ebddcd9aeb2190a1d1854bfc |
| SHA512 | bccea9b3131e76df3388ff2475e026be93a488d76eef44d6c7d49b0fe63ffaed54dbe5076fce1f2aebe40b7502e57ab179a3e9d7324eaa0e9832ed47363cd02f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a112defe65025d2442b7ecd1695f80d |
| SHA1 | 4be29ab6e22742e056b6c9cbb7e13aec0c7ae578 |
| SHA256 | c73217c069a5bb84b1fb265a2fde2d5b97126d19ea1186f56e5fdf13196e45f8 |
| SHA512 | cef06c5deb414224d067942e8c6d74f2ec944139945143a3c6059fa11136e382b8da0115815cf9392785751abfb5a49b2dc2f69d50875d69ce46f8a5b43985ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9f45d1d5cf28629372b7edc513dac600 |
| SHA1 | 88752e63de4a827686c7ea32d1bd15082e9e4272 |
| SHA256 | a8a62b7fd152c02dc408a2bff4637553c95adc073a09bf3630ee0776cbff73f0 |
| SHA512 | 5827d5d169b9422dbf74e22b88e3018e892d99dc1df8c46f4e3ba1ad0b050097f4cfc13418de8fedf0e5f0ea3721ea360c183c0dfec71223234faf7f10e2ad7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5fa03bf1d8c28b27f8561879951d2370 |
| SHA1 | 37f405387104f37329906bccd7a8b59f7c74d4f8 |
| SHA256 | 16345496adebae13e8805614b1509eeca8f3a2e8738046062559aabcd1d0498c |
| SHA512 | 856900f63860522ed0b239cac3b46c967f458306cb3eeceeaa106e3481169f59c2820f881960b8d50bf89cbf5810b9363dc8dae5b2cade5655aa710ed7872ea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | aac57f6f587f163486628b8860aa3637 |
| SHA1 | b1b51e14672caae2361f0e2c54b72d1107cfce54 |
| SHA256 | 0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486 |
| SHA512 | 0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 6c8413dbb2b54b0d8d2c44902da2488b |
| SHA1 | d798aaff61a4dcf553c40705a2029497dda61d1a |
| SHA256 | fe8ffa9f7682f10f96899685ecb9bac43717904b88b54fd49dc0107f77f0096f |
| SHA512 | f5ed56a26aaae0093ed55deba827d02df775c1673cf3270a1ec6d5feef3a3c556523d1ef5535da4488f284b8a9ddf67682309748a769f0b39c96f06409030fdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 3c6402ca667d5be25d0cf118502f6f41 |
| SHA1 | c57737bb7409d91579569d7cb1f21c8c5925c430 |
| SHA256 | 065c1d1d5d643ada11492f0b69c18d437cdef4bd9cc604af593cddbbc7dfbae4 |
| SHA512 | ac2fcbc9165343b6046b880623ccfc3ef50e43609f5432e41f477d8ab4142ae76eb82bbb27144f89053ec6196f87249085d7a31df25564c75be9a14ac58db464 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 9901c48297a339c554e405b4fefe7407 |
| SHA1 | 5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e |
| SHA256 | 9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2 |
| SHA512 | b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b23695cd-b622-430a-ae1d-6832dd6d91a9.tmp
| MD5 | 25135094c51ce485eb6190fbf95e24be |
| SHA1 | 4f238ec154a562073cd3cb45d36e251fa9fb8a7c |
| SHA256 | f349a84b8c2e6b61f1b856d0907c8f155a4a33ac367b2dfc5b1bdd177c93ef81 |
| SHA512 | 3b21ab2760daaea377ef86a9a1789dbbf5bd4f201cf717cf7bfecea0580f0c978cd3b33892ebc908a290656a707190465eb8ed2e6448229697a27038f1af9d16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a9154.TMP
| MD5 | 21a51b64634f2af7e3009ecc9390ba2f |
| SHA1 | a31adb3002f653e66aeb536b6d5bb63b808a04fb |
| SHA256 | d5ef63da917c610019a65ec233dbecd7ee910abd26cb63cb94f8f999ae2758df |
| SHA512 | f3ba2fb046cd095d530e7b6f4a9a07354c5491709ae4234e920d18227755a7cad5adf0c35cc6a9cb238518c3915872922b24ae5804bc7c6f0fc9230ccd602c19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0209e03caeaa9f71f932f2e822a80705 |
| SHA1 | c6a6b38139b33bd285cecec3147bc424d5ff0c1c |
| SHA256 | a767b3560c01dfd4eaa821fdc0a7bb2507c30e058706ec683d9d3bc560b9fa48 |
| SHA512 | bc46cd8430aec1dc91670e4adc4db869bdbf86ee80937e681c1b655ecb0b6f24b0ab32fc7d169d7ce8d3355de8b433e37ea5619243844469ef6b9513798644ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2c78c30d8f25b4155b4c674be5d38f1f |
| SHA1 | 5981d22678b89ad1cb2c21051125ef85074bd2b6 |
| SHA256 | 6922b94d526f8a6fc630079be92dde2d5f63b0e4955b449243bb1f591d48694e |
| SHA512 | cc7d71fd6b27ad311970abeee3b37e03d65fed7cbee42af1ff8e5bfe199c8f681c699a899d9f523cacf403c20b5cebac73ae9ad2f611659e52e90713b215c44b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e12b0c1f7c7e9fb2a71af5ff2012f884 |
| SHA1 | cb572fb80af4cf7316259cc65817c902b2da7c05 |
| SHA256 | 1b7d2f4329052a0a12558a691a06e17d539f22d00e7d77d746484ead22e174c5 |
| SHA512 | bb82eb7b0f2e9b9b698cce0433a0ba0495741bd63172c4f70141df0a3a5066a13d5e8ee78d5a33325b182488d0a7f23d5dd0b0d82d6d49487755d25ba4732a6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 917453355fe83eb1adaa2608f6ea662c |
| SHA1 | b1f80de0cc004c56a0357143a23f78aeee0a9b59 |
| SHA256 | 04d9926ccaa7799f231f8960925f9fa69fc735adf7b8be1e39d8627a776d6922 |
| SHA512 | 8fcb45969f8a0e58674ae200f47a7a435873e747b1d5d95c74265a20eff5200c74f0ede2587e81007c5f01011bfe243f5f5152751f5c01aaf263582ac37287fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 84a54daef87bff0e22996699794601dc |
| SHA1 | 8d26459dea38f5599aed046a82930679e033941c |
| SHA256 | 0c39811622e99f88a41adb00fcc105bf4fcd1b6e942f30b89c091e1dc0e7e9c4 |
| SHA512 | b855ada57fb87fb1a33c09fd7616821cd683c4eca15ae58e845703118a4246bd01af4e11521d1b62ce9459f3cfa086bdd7305d9e9336f4657bd5ac9d0f52af3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96288eba8cbc42cb5b5cc818bb12de4c |
| SHA1 | a1ccb2f18daef1ecf5162484aed6611827be4aa4 |
| SHA256 | 3a8602ec0eb681cc6b2f8078754598f18d9198f35234c34a9d6127d2a037c7c3 |
| SHA512 | b670cbcaf4e73ff196141d3241ea0b5d9c70898ebeeb7e29776220fe6dd723f99decb4dba3b655722ca7097a3e4d12c40b5154debbe06221486b60c421af3b79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ae6671082bf8b52a7205281a79172ca5 |
| SHA1 | 5438d6ae3ecc930652133cd8a724049a059c027d |
| SHA256 | b2144fc16cda5178c8a7da36e15a75dc59e4af2be241b76ba4e9050229fadc6e |
| SHA512 | 6f7f259385c7d14fdff42f5d4a21d8df6d8489d4355f4375d5d1265c0479b532b7b9e54e94a8bc4f7a0c2ba7e11a7cb0b24df10d6accccdb195294be8e55ed59 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 903b2dd3b72f3ba48984ea9f53f97039 |
| SHA1 | 331538e1e1e106f012d33f2074c25c9f348d28cf |
| SHA256 | 154adefefd530304063928d4a1cbb7b44cd699115a0ae7859e36a2e0c23e9fa3 |
| SHA512 | 1c8b7802fe5475430466fb3f6933c4d3765e5b14006eb122b1bd5b7942341dc3f13a61efaf7e860c773135d3c8bcdaec037b0a8d3be2497cfefad99689fb5832 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 4ff14eeceb1330bb3f5fe6ec4358a0b7 |
| SHA1 | 1eec3e40875420a9669730a1220964fc9958b9a6 |
| SHA256 | 36864c230898a81a3eee4838f40fc324e812dcb12173d70a7ba9a726f7d20091 |
| SHA512 | 811c7195920b07cc34ca3195ef6780a08e155be0fcc8baa8c2ad84eb453405543d4ed6e5628fa1184db19fff6731dfc228d13d24ab07ece1af40bb641687da09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1832cd114f56d48ee23f1513c8625cdf |
| SHA1 | 2630208fd8e976cfc728ed63be2513b8fe883f34 |
| SHA256 | 51a30104d364850ce3011d58ddaccf22a865d3f3ea6b100a26ffd4a925f32bf0 |
| SHA512 | 93480cfd25dfbf7070de8daf4e19a919c8c2beef1a34baba5fe354ce5ccc4ca89ba9fec888465661f5ca31e5fc305538e6b44618377043ce2240883dd06f911c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4bfb377b36fa5a8f03a40ac6b76cfe3c |
| SHA1 | cbe30045da1ff0425117713292a006c059a6eb5b |
| SHA256 | 2401279b1c5aa7c27204887ccec72c9894b6cf1be1dd1dca43a283bc181e15b6 |
| SHA512 | 26153e8e2ab777ced9cd9bc8e2f2df6f78c2cd7f79ac63340e088e2a7e7898fa73f793903573f424f4550e9b02b6c2add36147971473c6fae49684e997b4095f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6baa2b429924a11235a846eb3430abfc |
| SHA1 | 7a6cb58a129f04422ca4569564d32f8b63ab5183 |
| SHA256 | 4b451ba144a30d8325fd625997a200c84307d84ae6d51149c3fc1f488f633c34 |
| SHA512 | 2148b55a95c2c4c0abf02b4f79c4ab37f870e5aff992f1644ad8627e5b7f1a89ca419a8d5399fa97bbf0f0036627d4fd4619c17e8a87a7b19ebfe86fa759f060 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | e91ba7113b9ee73bf73cfbf795374b4f |
| SHA1 | beef122500329c4babf0903b183e7ecc933a234a |
| SHA256 | 71d02f8625c90f7c9499fcbc6f2335fbacf9a5fdc58b475e0ffde696de5a9c98 |
| SHA512 | 7c7644a911b218d20300a51c288182312bf57e48c78faf1791c0f710451bd907721d64f3f6d26a0cac77fa7ed088b0bc084d272f4416299122adbec9896586e7 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 2b4dd1474237a4dc70e20f421915ac73 |
| SHA1 | d584be2833b590e89e2de69626463c89f6637baf |
| SHA256 | f3d1b90af58e98b943ee01c3ced5d13c6bdbc5f0c2eaeca9a204aff10c2d3b9d |
| SHA512 | f7b5470b68bc07270f01cd0032b61e60803406bb5f1fc06093dde8fc00ea7c309a9d1c467853c7af5521adf8bacc2257649a4c65d97023357950353707f31c1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | c424026b65aec0ee0df028027713c6a8 |
| SHA1 | 389f1534516e814f57398be93318943ca2a805d4 |
| SHA256 | 3ea26ca69d23bf94d344ec28bcc525d76faa9a62ed397df8b93cb87ffa5928aa |
| SHA512 | d6a0ef2fb6e72ac7ae2f0f8af07182987acaa07c25a1fa781065c5937f1ae052a7b3c4ebba1553cebe7ec5e4b2615991df017b0fb27b7124d467b08bbd91efa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | 44a32a975efdfd036193ca1d18bdf41a |
| SHA1 | ad724d635f57f7ea24af0b93747e96ed3d90ffc0 |
| SHA256 | 1b6986631f231ffb85c91e1982351c70240d78aeda5ddf2b591476587ac9df40 |
| SHA512 | eed90a64869ae0c2f7407b2d8cf932cf81268fea4b0db590540c2a151c1016943b37db33a55f071ecf9cdb3d27e447795b89b101d7e38f44241637493e0c3eb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 4fd968604efc80f245916b808bd9d516 |
| SHA1 | 5afa14c1534d309341078e6bac4bc25b9168a15b |
| SHA256 | b111d4e91296597db2b2047dee22e06e5e009719ef01b347c7b2d7f8383f5a4e |
| SHA512 | 436045005ce21c4ce615934667e7b3cbad0f241671d1e5084f7e41367d71c63bc3281b56095ad65281cfb421b23d45e98ad5e492bf6fa62dd47d66bf24fb23de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 970759f926564aeaedaf6be79a8c411e |
| SHA1 | 5d7ff356d420d88b7816e3538a0488ce30fdad25 |
| SHA256 | efeb3d7a7d621b02e3baf124d324b8d6d4cc27c398613258cb6174975a6343fc |
| SHA512 | c9c106a0f3979bf6c5af8815c8ec7c505d9e0a3ff552bf3314eff0e6b8e9d6233a056501af4b7f558a4a023982e7310d30f90190e349394c181535fa5ef0afd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
| MD5 | 818985dba85970a669c6d3cd97748db4 |
| SHA1 | 6a0d700ff4af0593d3cf1a8f3adcc19aadc7a5cb |
| SHA256 | 9b81864eded544c0cc8ed3ea2c75a666ac72b84eb7748eb174b1136d84f8a3dc |
| SHA512 | 425e435b424045023695e92d88564cbe166f60f51c2d5e8c35df1fcb1fac7b926dccc90243e160d7a28e94a408728b788048569c68e39bd6459ab312e92f22d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | fc9d6864cec3bb2b7518fcb421fd6d7d |
| SHA1 | d622133c59de58ccf1100d20053509c3b3917126 |
| SHA256 | e1224f6da8c0b0f614103946aea5cc83dc0232e793b1433d8a5af31e3010ab4d |
| SHA512 | fe8a2d6a9b22b39c1d65bb7bca66888b5f3836e624aa0cdce847be2335f792c9bd67d8c2a9752cf0b29ec3864506eca84a47401db527268c1bfc4da4f4dcd8d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361845848306777
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\WannaCry.EXE
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\msg\m_finnish.wnry
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Default\Desktop\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity