Analysis Overview
Threat Level: Known bad
The file https://github.com/Endermanch/MalwareDatabase was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Executes dropped EXE
Loads dropped DLL
Drops startup file
Modifies file permissions
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Uses Volume Shadow Copy service COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Modifies registry class
Enumerates system info in registry
Modifies registry key
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-05 11:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-05 11:12
Reported
2024-07-05 11:17
Platform
win10v2004-20240704-en
Max time kernel
217s
Max time network
218s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDE06B.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDE081.tmp | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vttubpigefotq647 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_WannaCrypt0r.zip\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\2229298842\4230496724.pri | C:\Windows\system32\LogonUI.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "217" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661257284-3186977026-4220467887-1000\{2DF0C498-1294-4EC8-BF87-0CC99D538029} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661257284-3186977026-4220467887-1000\{0C608DEB-C9EE-433A-94B1-031D7BE30813} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3948,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3920,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=1316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4920,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5544,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6048,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5040,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5912,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6544,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6556,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=5900,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7008,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7fff76a60148,0x7fff76a60154,0x7fff76a60160
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2296,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1896,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2460,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4304,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4304,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4740,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=4828,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5140,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5564,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5608,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5712,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5552,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6472,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6476,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5624,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=6112,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=6324,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3656,i,18433601014114598765,11922182813881750513,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
| Process | Command line |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x238,0x23c,0x240,0x234,0x258,0x7fff76a60148,0x7fff76a60154,0x7fff76a60160 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:2 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1880,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:3 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2432,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe" |
| C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4332,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4332,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8 |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected] | "C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]" |
| C:\Windows\SysWOW64\attrib.exe | attrib +h . |
| C:\Windows\SysWOW64\icacls.exe | icacls . /grant Everyone:F /T /C /Q |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe | taskdl.exe |
| C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c 252871720178172.bat |
| C:\Windows\SysWOW64\cscript.exe | cscript.exe //nologo m.vbs |
| C:\Windows\SysWOW64\attrib.exe | attrib +h +s F:\$RECYCLE |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /c start /b @[email protected] vs |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe | TaskData\Tor\taskhsvc.exe |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet |
| C:\Windows\SysWOW64\Wbem\WMIC.exe | wmic shadowcopy delete |
| C:\Users\Admin\Desktop\@[email protected] | "C:\Users\Admin\Desktop\@[email protected]" |
| C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4752,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5112,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1620,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=560,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=5548,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5572,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5632,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5656,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:1 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5624,i,14493138243946190665,14661957903921321805,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:1 |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe | taskdl.exe |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe | taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] |
| C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected] | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vttubpigefotq647" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f |
| C:\Windows\SysWOW64\reg.exe | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vttubpigefotq647" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f |
| C:\Windows\system32\LogonUI.exe | "LogonUI.exe" /flags:0x4 /state0:0xa3925055 /state1:0x41c64e6d |
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history
| MD5 | bcf5d7089ad1e61d759a27a5e7edd055 |
| SHA1 | 2881198f7c50c1167169ab13acc46e366f29117f |
| SHA256 | 399e944d4f8254fba7ff853117b6e9da2831a7de411ce45c546c10782069699a |
| SHA512 | b9a499e775390b201abe303ade1fa990a6cfb4f23190246b459aa87aa317c969f669e177fd8525f086bcbbcb0291c22409266652155b62c9c9d38db67ee8c02e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history
| MD5 | db901c9b19d5f0f93a7750193aa55c58 |
| SHA1 | 9062b2a68b7a9a37da6ae6bf5b0dbca3e213eef9 |
| SHA256 | 299884b78fb5407a42f78719751fbac4e26b7665cc02971985140d1fe1a6b2ac |
| SHA512 | bfd0e422332e05a9edd0bc443acc16dc6f863eab8647a9107b9bb5cb0c060a3a04dad5efce9bf3b9586f78de4820286fca6b6994e0fc0531dcdd7fb3ae27d684 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\54d5a2b3-35b6-4e1c-8f4e-209a1f8771c2.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 9bbbca5685c0c568c192b4f94fec7abe |
| SHA1 | bd89519bb21e865cfa83d38d6165ea8abe9bf2c3 |
| SHA256 | ca146c211d1a372ccf67c6096d70960328a498acc47230bbbc4fb317018a9369 |
| SHA512 | 9555b995db37ff6663589ff7b8f931c66c625bfadae42f23a20d4434e0f1a57369ad8c472674f54c07a4ff99d6b2d56610033473c56feaf3f5e89f28381728a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 02afd0b94678a95133f7a09b2f69534b |
| SHA1 | 4a1f0b25651d5b8516e9d9c8d34f88fdfa0c14b2 |
| SHA256 | 4e576787ada87ee425c7c314481080f62eccd50862908181a0bc6bb2be762c72 |
| SHA512 | 0481e65e36047acd76dbb476fa8c30075c69bd41a8d85d4dfebf2ee8c4b8a3ed3a89f16b65989a133af22d0e09083bb29cfd0b3acac85a9fed4746f3f4377918 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL
| MD5 | 2c5e8c311187490cdc1e24f31f35d1fa |
| SHA1 | 71e6de6f33f965c59d001cca01e778286a77ee15 |
| SHA256 | 9b70e027ff644e15b9c36fa615981e9b56e3f5bb032a65c3bfdaf0468875a1f6 |
| SHA512 | 1fd9e2020a4fe0fb0b20f8648b8a75ca15922bcb6267999cc4e59ac68ff648121fb7c2f41766609a8eb0b6b25bfd66305f057a0317c2274f1d0d3f7c9d2848b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
| MD5 | 646bda10074079ef16131fced060d8f1 |
| SHA1 | 5d988e1bcb9d05c2ec69088375c49a79c3d7e758 |
| SHA256 | 488a8a6cb927d2ce6362022e1a4ec0590298db5bf2c4bfe6414b8c2d4c104a93 |
| SHA512 | 3a9fc12ad775cb4bf6073e12a590a0d09b1f84f69609e30b88dcbbf21d954ade08f9fd6f1713fed6b08d4954e35def48bd608f0545a3d4103e5b0deed37651b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | c3befc7a937bcd0da82ddf90093d8094 |
| SHA1 | 7ae5c02ed8dec73154ccb342d5baa8e96d746e99 |
| SHA256 | 7a9ce009e5165daee0a71e882a9ed9b1af0f6b08ca6790981cd74ac7905c0856 |
| SHA512 | 7bccdc6fbdf4cd65ce0b710d5b1f263bb5921d4c4ce1c6ba8c3d3c91913f2d76294e884af19391d85b0a61d52d91f90122c9ef404a6e80622e2662ac4a2a3cb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | 29065d1103867a21002252c6879ba310 |
| SHA1 | 0f49d51281bc10ab79a68e2d939f9c2dc09f4bea |
| SHA256 | e9627725e613d6324634ead6b112937eed6c5429da940cef20d98748adf570f6 |
| SHA512 | 27e9fe36796e80a97c91e33fd8b04bb38b96e452bb9d68e1197d382c6414c83a6868ee6fcf1804409da67d08777ff1de94bb990b74e0bb6c7c756cf6fcfd7b82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3
| MD5 | b99cde9240bf4f55ef5f5849a2682957 |
| SHA1 | 11464ec4c0d0f3bc8a02a6b06dd635deb60f5034 |
| SHA256 | 9c6a3a9f512835bab2500d2dcce4a4f940996d93a5cf6b666dea39d6f592ca0f |
| SHA512 | 31269be230e0e35ff8b01525d415f41f454e87c27b666f2e6c80fe2d5c5a2e428270f983f7171c37b8b999b73889a12607794aa22db64867e1dd1dc8c684f894 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2
| MD5 | ddc703609b170372c810a7155925f94f |
| SHA1 | 5ead5e606a78dae6179c93fafe3b92321e8c1c09 |
| SHA256 | 24f500cbc7a07893160313ecf105057c792cd0561297f781228ca99564450849 |
| SHA512 | e26ad5b418e5c861302f846c0c3ff490d2ad583b22296a0517870a44b49ca2a5b8d440277366595998150f8ed09e3ccd6a5864c58997a532fde05dfc51ef5c26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 767c6fc2637939e3b6b8234310b2b21a |
| SHA1 | 44595c3e8099986e7dbd9fe2a3918166561155f5 |
| SHA256 | fe7e5c4719fedf8cb2a66d8cb7ce25a9bdd616b43b628d89297633efb9d30fe4 |
| SHA512 | d3d7227a27b34b20d7bf2725a556387b1695aa4ba8b3b00f935de701fe110f04d6448d56d0617d8d6bf53761cf65572612fb1896811ec2cb3af9fae1493cb7d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 5197052bdc0e3d8ddb2dfff3ad4b140d |
| SHA1 | 11fdcd6eae11430f2af56878e62cc678a709c9a2 |
| SHA256 | 19cb9f55831d28b7ca55d96785caaea8bf674ba63523c57d56b0e98516b00930 |
| SHA512 | daf2a2697d02f53671e28b86427721917b8b2f5d6b731089ce0ea55fca2e678e007f22f0c9b1e65eaeb429077ba0c7a83ae0b235592b37bd0f34ffe393462654 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | fda4fb887511a3e663f2a3947b0bcd6f |
| SHA1 | 767e0b6becbab17b09c6b2c428923ddfded07e6d |
| SHA256 | 6f84847a4bcab32f78ce2dbae1961ab4c890782993b6e930b6f7a27f04302660 |
| SHA512 | 0ba68348298b85922b44e8b9011be445127b6092374246a685f3fb92f02399f254e29ac59737de790d96093d04a776026f05fe56f70cfa50837892d7fb7119fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1
| MD5 | 0d3ccf6d7d455856606cbcd136903ae1 |
| SHA1 | 646860c6a3a6ad509988757d6d4e3e0721b100e5 |
| SHA256 | 205170104c472de225d58550bc58f648bcbcf2c26e646ff32eaa00b8a9404af2 |
| SHA512 | 15233cc3f11b92c09b8f69b7dc32710b5c4bd715d41689b4f5ecb7a8a4d85b18a875bf33daa0c0927014d34e19b844c470c39db33084ec3d0c63613833089db6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | b995edfca912e9c6731719efe5f60253 |
| SHA1 | ab36643a65a016224fdd9af2ac39843cc8af6240 |
| SHA256 | 2e67899f713a9d2498cb38e53f4d7172793be560596316c18231beda50ab3b75 |
| SHA512 | 68ea74bb3a5f7d9c6cace307c33b3d1e8bb979ad6005103aa34303b5a8b2866ac8042ef059cca88d1371b1b35d62fd025c45cde8ef6ddef6fd40971529e2c20b |
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/2336-571-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 4050b28341710d81199706f62a3f2ada |
| SHA1 | c3e80830dc572062a36ac3cfee1ea27668068da0 |
| SHA256 | e5d3703e7e3ba7bf8045aa0e8ebd90282d009a2caac1e2e8c0188939f35a8ac5 |
| SHA512 | a4d5a2156dc8740a0ed64d119058d2b658d655c112d6193fee23f6e2d0051dc60848de036503a7f7de824f85f2e42764a41fd26960d66311724f6f068f1a6df9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | da2b045421a1a61efdc863121b52cccd |
| SHA1 | 7c93a940e8c100874cfcfda54172e1f367ee01cc |
| SHA256 | 6788c4c37964d1b2ce3cd50d74edf9f0e188212cc9d03d636fde54e782a75bbf |
| SHA512 | 35427d0d2306d9910e06a37763ed0d8f0ff8ee3d1928f97ca2fc9fb68d9fe86389cd09938e889bcc7e244dc691981296acce93aa6790bc61d55ca690217b6969 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/3296-1989-0x0000000073B60000-0x0000000073BE2000-memory.dmp
memory/3296-1993-0x0000000000F70000-0x000000000126E000-memory.dmp
memory/3296-1992-0x0000000073B10000-0x0000000073B32000-memory.dmp
memory/3296-1991-0x0000000073A80000-0x0000000073B02000-memory.dmp
memory/3296-1990-0x00000000737E0000-0x00000000739FC000-memory.dmp
memory/3296-2010-0x0000000073A80000-0x0000000073B02000-memory.dmp
memory/3296-2011-0x0000000073A00000-0x0000000073A77000-memory.dmp
memory/3296-2009-0x0000000073B10000-0x0000000073B32000-memory.dmp
memory/3296-2008-0x0000000073B40000-0x0000000073B5C000-memory.dmp
memory/3296-2006-0x0000000000F70000-0x000000000126E000-memory.dmp
memory/3296-2007-0x0000000073B60000-0x0000000073BE2000-memory.dmp
memory/3296-2012-0x00000000737E0000-0x00000000739FC000-memory.dmp
memory/3296-2021-0x0000000000F70000-0x000000000126E000-memory.dmp
memory/3296-2046-0x0000000000F70000-0x000000000126E000-memory.dmp
memory/3296-2052-0x00000000737E0000-0x00000000739FC000-memory.dmp
memory/3296-2084-0x00000000737E0000-0x00000000739FC000-memory.dmp
memory/3296-2059-0x0000000000F70000-0x000000000126E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 90a26c8e0167e3552c973da52a5eef3f |
| SHA1 | 5a264611e1d8ed2266d99582f77575e77eb05774 |
| SHA256 | ff6fb5354416d4e75564425347fcb1e397f5e617a0a7f0eae9e2ba8aa335dc6f |
| SHA512 | 23c5dbecaa766d10b367db017209bad232d7fe9e2778fce29154899c1eadb26ea3ddbe41b166bd90ec2bf2d2de70e541a3a48e3d957336fd3ddeb21c60b67103 |