Malware Analysis Report

2024-10-23 19:54

Sample ID 240706-wfyeysxepp
Target https://archive.org/details/malware-pack-2
Tags
wannacry bootkit defense_evasion discovery execution impact persistence ransomware spyware stealer worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://archive.org/details/malware-pack-2 was found to be: Known bad.

Malicious Activity Summary

wannacry bootkit defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Wannacry

Deletes shadow copies

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Image File Execution Options Injection

Modifies file permissions

Reads user/profile data of web browsers

Drops startup file

Loads dropped DLL

Executes dropped EXE

Drops desktop.ini file(s)

Checks installed software on the system

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Checks processor information in registry

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy WMI provider

Modifies Internet Explorer settings

Views/modifies file attributes

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Enumerates system info in registry

Modifies registry key

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-06 17:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-06 17:52

Reported

2024-07-06 18:09

Platform

win11-20240704-en

Max time kernel

964s

Max time network

1008s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/malware-pack-2

Signatures

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD2D26.tmp C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected] N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD2D2D.tmp C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected] N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\tree.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lknmewvzsp534 = "\"C:\\Users\\Admin\\Downloads\\Malware_pack_2\\Malware_pack_2\\WannaCrypt0r\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Windows\CurrentVersion\Run\DesktopXmasTree = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\tree.exe" C:\Users\Admin\AppData\Roaming\Data\tree.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET2AEE.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SET2AEE.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png" C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\fonts\SET2AAD.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET29F2.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET29F4.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET29F8.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET2A9B.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET2A9C.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\fonts\SET2AAD.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET29F1.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET29F0.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SET29F9.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET29F6.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET29F7.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET29F5.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET29F6.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET29F8.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET2A0B.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET2AED.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\INF\SET2AED.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET29F0.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\tv\SET2A9C.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET29DF.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\intl\SET29FA.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET29F3.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET29F2.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SET29F7.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\MsAgent\chars\Bonzi.acs C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET29F5.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\SET29F9.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\lhsp\help\SET2AAC.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET29F1.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET2A0B.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\SET2A9B.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET29F4.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SET29FA.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\SET29DF.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\help\SET2AAC.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET29F3.tmp C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.22000.1\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31117273" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\SearchBandMigrationVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3353859568" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1955345-3BC2-11EF-B03F-D69AC9ECD474} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\SearchScopesUpgradeVersion = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\BrowserEmulation C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B976287-3692-11D0-9B8A-0000C0F04C96}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F95-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Slider.2\CLSID\ = "{F08DF954-8592-11D1-B16A-00C0F0283628}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\InprocServer32\ = "C:\\Windows\\lhsp\\tv\\tvenuax.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{1D06B600-3AE3-11CF-87B9-00AA006C8166} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame.3\CLSID C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus\1 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ = "_CCalendarVBPeriod" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0A45DB48-BD0D-11D2-8D14-00104B9E072A}\2.0\FLAGS C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ = "CCalendarVBPeriod" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\CLSID\ = "{DD9DA666-8594-11D1-B16A-00C0F0283628}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus\1 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\ProgID\ = "Threed.SSPanel.3" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCharacter" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\ = "Microsoft ImageList Control, version 6.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A031FBF6-81A7-4440-9E20-51ABB2289E4B}\VERSION C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ = "IImage" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792} C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\TypeLib C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\ = "ISSImage" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\ProgID C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F}\1.1 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD5-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSFrameBase" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Programmable C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}\TypeLib\ = "{6B1BE80A-567F-11D1-B652-0060976C699F}" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32 C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\ = "IListSubItem" C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ProgID C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\LWVFile C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\TypeLib C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Malware_pack_2.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\tree.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Data\Installer.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\MEMZ.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\ielowutil.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1492 wrote to memory of 984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 4248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 4248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1492 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/malware-pack-2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3780 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected]

"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected]"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 90211720288678.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lknmewvzsp534" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lknmewvzsp534" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\tasksche.exe\"" /f

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe

"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"

C:\Users\Admin\AppData\Roaming\MEMZ.exe

"C:\Users\Admin\AppData\Roaming\MEMZ.exe"

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/watchdog

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/watchdog

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/watchdog

C:\Users\Admin\AppData\Roaming\MEMZ.exe

/main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe

"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004D0

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=animated+christmas+tree+for+desktop

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=cat+desktop

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=how+to+get+cursormania+in+2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=mp3+midi+converter

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=grand+dad+rom+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xc0,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=fuck+bees

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6568 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Roaming\Data\tree.exe

"C:\Users\Admin\AppData\Roaming\Data\tree.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=smash+mouth+all+star+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cool+toolbars

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=limp+bizkit+mp3+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=stanky+danky+maymays

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=succ

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=john+cena+midi+legit+not+converted

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9108 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=cortana+is+the+new+bonzi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=myfelix+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=free+midi+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=preventon+antivirus+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=snow+halation+midi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=smileystoolbar+download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=bad+ass+mafia+toolbar

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+bonzi+buddy+a+virus

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9488 /prefetch:1

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Roaming\Data\Installer.exe

"C:\Users\Admin\AppData\Roaming\Data\Installer.exe"

C:\Windows\SysWOW64\CScript.exe

"C:\Windows\system32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Bonzi\run.vbs" //e:vbscript //B //NOLOGO

C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE

"C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE" /Q

C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe

"C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe" /Q

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE

"C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17410 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:82948 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17414 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:82952 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17420 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:82960 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17428 /prefetch:2

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

taskdl.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.239.241:443 polyfill.archive.org tcp
US 8.8.8.8:53 241.239.241.207.in-addr.arpa udp
US 207.241.225.195:443 analytics.archive.org tcp
N/A 224.0.0.251:5353 udp
US 207.241.227.211:443 ia600401.us.archive.org tcp
GB 92.123.142.177:443 tcp
US 20.189.173.2:443 browser.pipe.aria.microsoft.com tcp
GB 95.101.129.216:443 r.bing.com tcp
GB 95.101.129.216:443 r.bing.com tcp
GB 95.101.129.216:443 r.bing.com tcp
US 8.8.8.8:53 222.197.79.204.in-addr.arpa udp
US 52.111.227.13:443 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:51690 tcp
FR 51.255.41.65:9001 tcp
US 199.254.238.52:443 tcp
FR 163.172.138.22:443 tcp
DE 89.163.247.43:9001 tcp
NL 194.109.206.212:443 tcp
FR 163.172.194.53:9001 tcp
DE 131.188.40.189:443 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
NL 77.174.164.37:9001 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
GB 92.123.142.177:443 tcp
US 13.107.138.254:443 spo-ring.msedge.net tcp
US 52.123.129.254:443 dual-s-ring.msedge.net tcp
US 52.108.8.254:443 wac-ring.msedge.net tcp
US 8.8.8.8:53 254.129.123.52.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.180.4:443 www.google.com udp
N/A 127.0.0.1:9050 tcp
GB 142.250.178.4:80 google.co.ck tcp
GB 142.250.178.4:80 google.co.ck tcp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 pcoptimizerpro.com udp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 50.63.8.124:80 pcoptimizerpro.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:80 search.yahoo.com tcp
IE 212.82.100.137:80 search.yahoo.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 ask.com udp
GB 199.232.58.114:80 ask.com tcp
GB 199.232.58.114:80 ask.com tcp
US 8.8.8.8:53 www.ask.com udp
US 151.101.66.114:443 www.ask.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 114.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 114.58.232.199.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 ak.staticimgfarm.com udp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
GB 173.222.210.169:443 ak.staticimgfarm.com tcp
US 151.101.194.137:443 code.jquery.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 216.58.204.78:443 syndicatedsearch.goog tcp
US 104.19.178.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 client.px-cloud.net udp
GB 92.123.140.34:443 client.px-cloud.net tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 216.58.204.78:443 syndicatedsearch.goog udp
GB 172.217.16.226:443 partner.googleadservices.com tcp
US 8.8.8.8:53 collector-px8zofp9vf.px-cloud.net udp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net tcp
US 8.8.8.8:53 cdn.aimtell.com udp
US 8.8.8.8:53 s3.amazonaws.com udp
US 54.231.134.168:443 s3.amazonaws.com tcp
US 104.18.4.165:443 cdn.aimtell.com tcp
US 8.8.8.8:53 52.178.19.104.in-addr.arpa udp
US 8.8.8.8:53 169.210.222.173.in-addr.arpa udp
US 8.8.8.8:53 137.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 34.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 96.10.190.35.in-addr.arpa udp
US 104.20.94.138:443 c.statcounter.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.22.70.231:443 cdn.aimtell.io tcp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
US 8.8.8.8:53 88.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 138.94.20.104.in-addr.arpa udp
US 8.8.8.8:53 231.70.22.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 t1.gstatic.com udp
US 8.8.8.8:53 t2.gstatic.com udp
GB 216.58.212.228:443 t2.gstatic.com tcp
GB 172.217.169.68:443 t1.gstatic.com tcp
GB 172.217.169.68:443 t1.gstatic.com tcp
GB 172.217.169.68:443 t1.gstatic.com tcp
US 8.8.8.8:53 228.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.169.217.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
IE 212.82.100.137:80 search.wow.com tcp
IE 212.82.100.137:80 search.wow.com tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 search.wow.com udp
IE 212.82.100.137:80 search.wow.com tcp
GB 142.250.178.4:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.204.78:80 www.youtube.com tcp
GB 216.58.204.78:80 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com tcp
GB 216.58.204.78:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
US 8.8.8.8:53 246.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 84.102.250.142.in-addr.arpa udp
GB 142.250.179.246:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.187.193:443 yt3.ggpht.com tcp
GB 142.250.187.193:443 yt3.ggpht.com tcp
US 8.8.8.8:53 yt3.googleusercontent.com udp
GB 142.250.178.1:443 yt3.googleusercontent.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.180.10:443 jnn-pa.googleapis.com tcp
GB 142.250.180.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
GB 216.58.201.110:443 youtube.com tcp
GB 95.101.143.202:80 www.bing.com tcp
GB 95.101.143.202:80 www.bing.com tcp
GB 95.101.143.202:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.143.101.95.in-addr.arpa udp
GB 88.221.135.11:443 r.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
GB 88.221.135.11:443 r.bing.com tcp
US 8.8.8.8:53 35.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.75:443 login.microsoftonline.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
IE 212.82.100.137:80 search.wow.com tcp
IE 212.82.100.137:80 search.wow.com tcp
IE 212.82.100.137:443 search.wow.com tcp
IE 212.82.100.137:443 search.wow.com tcp
US 8.8.8.8:53 guce.yahoo.com udp
IE 34.251.112.118:443 guce.yahoo.com tcp
US 8.8.8.8:53 consent.yahoo.com udp
IE 34.242.212.22:443 consent.yahoo.com tcp
US 8.8.8.8:53 118.112.251.34.in-addr.arpa udp
US 8.8.8.8:53 s.yimg.com udp
IE 34.242.212.22:443 consent.yahoo.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 22.212.242.34.in-addr.arpa udp
GB 142.250.200.46:443 play.google.com udp
US 172.64.154.167:443 www2.bing.com tcp
GB 95.101.143.202:443 www.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 search.wow.com udp
IE 212.82.100.137:80 search.wow.com tcp
IE 212.82.100.137:80 search.wow.com tcp
IE 212.82.100.137:443 search.wow.com tcp
US 8.8.8.8:53 guce.wow.com udp
IE 34.251.112.118:443 guce.wow.com tcp
IE 34.242.212.22:443 guce.wow.com tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 8.8.8.8:53 edge-mcdn.secure.yahoo.com udp
US 8.8.8.8:53 csp.yahoo.com udp
GB 87.248.114.11:443 edge-mcdn.secure.yahoo.com tcp
IE 188.125.72.139:443 csp.yahoo.com tcp
GB 87.248.114.11:443 edge-mcdn.secure.yahoo.com tcp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 139.72.125.188.in-addr.arpa udp
GB 142.250.178.4:80 google.co.ck tcp
GB 142.250.178.4:80 google.co.ck tcp
GB 216.58.204.78:443 www.youtube.com udp
GB 216.58.204.78:443 www.youtube.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 184.28.176.113:443 r.bing.com tcp
GB 184.28.176.113:443 r.bing.com tcp
GB 184.28.176.115:443 th.bing.com tcp
GB 184.28.176.115:443 th.bing.com tcp
US 8.8.8.8:53 113.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 115.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 sydney.bing.com udp
GB 184.28.176.88:443 sydney.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 88.176.28.184.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 consent.yahoo.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 search.yahoo.com udp
IE 212.82.100.137:443 search.yahoo.com tcp
IE 212.82.100.137:443 search.yahoo.com tcp
US 8.8.8.8:53 guce.yahoo.com udp
IE 34.251.112.118:443 guce.yahoo.com tcp
GB 142.250.180.4:443 www.google.com udp
GB 184.28.176.32:443 r.bing.com tcp
US 8.8.8.8:53 32.176.28.184.in-addr.arpa udp
US 8.8.8.8:53 consent.yahoo.com udp
US 8.8.8.8:53 ask.com udp
GB 151.101.190.114:80 ask.com tcp
GB 151.101.190.114:80 ask.com tcp
US 8.8.8.8:53 www.ask.com udp
US 151.101.194.114:443 www.ask.com tcp
US 8.8.8.8:53 114.190.101.151.in-addr.arpa udp
GB 216.58.204.78:443 www.youtube.com udp
GB 173.222.210.233:443 ak.staticimgfarm.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
US 8.8.8.8:53 114.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 233.210.222.173.in-addr.arpa udp
US 104.20.94.138:443 c.statcounter.com tcp
US 104.18.4.165:443 signals.aimtell.com tcp
US 104.22.70.231:443 cdn.aimtell.io tcp
US 8.8.8.8:53 t0.gstatic.com udp
US 8.8.8.8:53 t3.gstatic.com udp
GB 216.58.212.228:443 t2.gstatic.com udp
GB 172.217.169.68:443 t1.gstatic.com udp
GB 216.58.201.100:443 t0.gstatic.com tcp
GB 216.58.201.100:443 t0.gstatic.com tcp
GB 142.250.180.4:443 t3.gstatic.com tcp
GB 142.250.180.4:443 t3.gstatic.com tcp
GB 142.250.180.4:443 t3.gstatic.com tcp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 142.250.178.4:80 google.co.ck tcp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:9050 tcp
US 35.190.10.96:443 collector-px8zofp9vf.px-cloud.net udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 www.bonzi.com udp
US 50.18.226.206:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.67.3.58:80 www.bonzi.com tcp
US 8.8.8.8:53 206.226.18.50.in-addr.arpa udp
US 8.8.8.8:53 opensea.io udp
US 172.64.154.159:443 opensea.io tcp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 95.100.245.168:80 x2.c.lencr.org tcp
US 8.8.8.8:53 58.3.67.54.in-addr.arpa udp
US 8.8.8.8:53 159.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
GB 142.250.200.46:443 www.youtube.com udp
US 8.8.8.8:53 buddy.bonzi.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b88c419948b22d8f079311239c952096
SHA1 57bde0e55d3ad4c555f1dae4224a64a0d2375da9
SHA256 d424881e070ffbdcf8801a339813bcd5dbdd9c1d121d197e7924adceeed0ab4a
SHA512 76bcb75c16d21cb2f452f19562c2d311e3741c6aaf22128ec6b2c37159c9b28c3337ff6a57a38430b0c249d6d4eca7185a859ca32515dc44de106fb0a45d6c3b

\??\pipe\LOCAL\crashpad_1492_BHUUYCNLIQOOKEEL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8f99c482b569e51ec044a39d33e5aa9d
SHA1 c4118d25e83679a64720b0c32ae30aa6fab0fe26
SHA256 cc73e826d62a46c84cc26263266fb7015c15180e3844062e35305875b1180895
SHA512 2693cc5e9b465a2296700d2563469b53460b82b87125793a638e9efd6b69b30fe232206b194b31fd07b85f9dc50b7aed92bf96845827d695088638b8574a8ab8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8576744861b15829af5267eae1773644
SHA1 f576302fe23e76900d81688952e1fda3573d2e68
SHA256 27b52729731111daf7ee050209ec94e9ee0250df86fff32c36b5a83248d4640c
SHA512 a926996c14b15d24474d705a85cb077fe0330c9714215a58bd339f29672647f36c2e7ac2f395eb8c11e7c529bb3338eb148ff3aafe2594eca91e92b9096756a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6d0adef64dc968dbb43bf3827b05ac38
SHA1 2b8b5022f15049cec37d96982fd0e8ee78a0ff32
SHA256 902e916a8caa4040a0ccdb342b29f603463a486e7b16af8f77dfec5989476bb1
SHA512 8b17042fb5ec21e51b3e65a91b446aa3947c9f48469527862fab5e4efc6550ad22b934fc853f0644cce8cbe512444dfc6a9b71e703896a943919ef52b5470602

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 759f563d759a50f86bc53f6121e9c2a4
SHA1 7baa0241d271007807b584975b5fc2ca25d5a518
SHA256 f958e169e6ba36bb52bafcda55d7220b0db5edf042dd9f49be36580bc9295b69
SHA512 a05e2184fb32b898852872cd360f3984e5b5f74cb74546010ebf7665a84fcfbffe26804e654db42c37831b6d451d04e78d206762de0d7cae9afec45107e9b6e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 aef4d4fc6a65806e48b4b1308911f066
SHA1 1994fdab1aec190f5996a013b24cc7f1d1ee32af
SHA256 057444e4aa32a9e685c4cfcc8d6070e3ce0264d8b117c484f0c9b22586e409a8
SHA512 c37aeb415986d48a7e6c658a0e6d20f8b92a4b37fc25b6b868b1b0e8b3593e2da2728674eeaa13e74a656177497519bf5949f84e183fd5f368dbff4be2252793

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6b8fc5a2a59c1067136ecc2eb52c3ad7
SHA1 fcf567dbad6bb8bc6b0d09712a34d49185477e84
SHA256 00eefc295be3aadc6b90636b39409301692ee8ab4b07079129b14d2e311e1b4b
SHA512 8278ffcffd5e09cf301e758fc5f0617276200a2979fcd6f7840fffaaeb7e1705c2caea8fb23d7e4c9ade594acc388c0fe7a0b7f3d490a0acbce16e2eaa925cc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 10a95f5f76b12d62c1ebba12f8e20577
SHA1 702ea2ee2ff2195753a080525119df0f53a31eb8
SHA256 01b0e2f12af6b634f51f178b1420b93bb18640d32a2b4824e7e3353421c5071b
SHA512 683dbd6ac3ed5627b440ae535b833f316e6b2d84b1e74265c988a556611df21a1148c1a41b4fc230cef6eebd65202f04c241213402fd047c3dce5ca16b3c8a09

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806d1.TMP

MD5 7770dcc3530cfce9010b1ca1377d4f93
SHA1 d8d4d4c966f209d34f15617aea9dfd845a285248
SHA256 7faff2250a0b163ecdf3c53a80054a331419e3bc6e7b47767f11febd38791ff0
SHA512 bcb83706c38490d1ce5b9cae0838a96d946d3d4767ac727e00e417526ef07df9a93a8decf26c60632e1140163aba9ded2911a8682cf8602f122b5a80e9c7e72b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ae6fbb6457f623c7c21c492b6b33b5c7
SHA1 fba4a6bebb56f355a09c67244a5af9ef3a13c6d3
SHA256 cd949e9cb515de66f125d8167adbd230ede982774e883fde615eb4b06b2a0bc6
SHA512 fc81c6ab72def923e7edce6dcbc8a8bb0d0fdf073bea90bcce3cf9e9a286c500f75860d3594525409bc3056e22c485aa068f4155f0f72c8f2760f810deaa8892

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cc0a134f3e3c6e0c8d8b14605e037de0
SHA1 266356c2571611fb6fbfba5d8e6125cd33008fb9
SHA256 ba63b8304ba29ec7e4744496478ab574521569aacdb33c1588f17364f2387cb5
SHA512 fab47ceeb082c0841b15f116eed8d14a8fbed8969cfffdbde4b3a6ed5dd0691deffc53fe45b74d721c6fdd68d47517ea550501dc7174b734f88d2fd0a11a4c87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cc759870b549c50183d5593a1707f9b9
SHA1 63cd136975d07ee4d0a87542f749e7d52b3ed54e
SHA256 5f8bec8f172575b2ed8607fd72d27b716c92f96d713a1dfd6c80b0ad8bfa9248
SHA512 c7ab6887b514cc702ae81f1b3a212cd6aad8fc88c0abf7f9543a1bb05fae76e2c73adb4af21196c00be889f676ef4ad8e2d752ed47c40e589ee37ae19c22decb

memory/3888-173-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-174-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-175-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-185-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-184-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-183-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-182-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-181-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-180-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

memory/3888-179-0x0000019CE5F90000-0x0000019CE5F91000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b06f61b95791ba910e893136e20f2d69
SHA1 c2641b95ab99ce37e78498018cf9d568f0452673
SHA256 d47bf18bba75c676e248152cdc2d437827a379e9cba0d4fcfeb0fe19cad10368
SHA512 c99148f19a5f925a905a5108cf208403fb1062e3a034bcb934041b70964ad17e6398998ddf63a6532599dde076c3b41f85894fe428c9ca5815891622a4d42b21

C:\Users\Admin\Downloads\Malware_pack_2.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 53420102ff9f209a07d283622380110c
SHA1 21e740a520410fcffb4160b1dcf1f8fa814f921d
SHA256 7a718e8e20d240d27baec7431ee50131f20d9f87dbac5f90d3a00f992d73c588
SHA512 e83b3390a1528f6b026f301c3846f4f7f46e3cd31774faf3a0a25e152748327d92b36d9973fd27b04858666562c801b690c0715dec69d42d5af615c681a3d212

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 51d23a9be4e9c7bf4311392106f1d3b2
SHA1 698bcf5dd5f0a3c91d113ba399a54a075e731363
SHA256 56d0aefb557660d6203d293f1bfc2d5ea6701524b68ed62bb8c3eef7157a9c48
SHA512 3524cb6780859d824ae2aa844967343f2976d1c587b96f3dea0714d1d876699ddbcb1da9c1f8bc54ad8dff1256e5fb8f7885b4fe9931637270b67357c00fd4fb

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

memory/4692-376-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_bulgarian.wnry

MD5 95673b0f968c0f55b32204361940d184
SHA1 81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA512 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\u.wnry

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe

MD5 8495400f199ac77853c53b5a3f278f3e
SHA1 be5d6279874da315e3080b06083757aad9b32c23
SHA256 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
SHA512 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe

MD5 4fef5e34143e646dbf9907c4374276f5
SHA1 47a9ad4125b6bd7c55e4e7da251e23f089407b8f
SHA256 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
SHA512 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\t.wnry

MD5 5dcaac857e695a65f5c3ef1441a73a8f
SHA1 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd
SHA256 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6
SHA512 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\s.wnry

MD5 ad4c9de7c8c40813f200ba1c2fa33083
SHA1 d1af27518d455d432b62d73c6a1497d032f6120e
SHA256 e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b
SHA512 115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\r.wnry

MD5 3e0020fc529b1c2a061016dd2469ba96
SHA1 c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade
SHA256 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c
SHA512 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_vietnamese.wnry

MD5 8419be28a0dcec3f55823620922b00fa
SHA1 2e4791f9cdfca8abf345d606f313d22b36c46b92
SHA256 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8
SHA512 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_turkish.wnry

MD5 531ba6b1a5460fc9446946f91cc8c94b
SHA1 cc56978681bd546fd82d87926b5d9905c92a5803
SHA256 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415
SHA512 ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_swedish.wnry

MD5 c7a19984eb9f37198652eaf2fd1ee25c
SHA1 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae
SHA256 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4
SHA512 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_spanish.wnry

MD5 8d61648d34cba8ae9d1e2a219019add1
SHA1 2091e42fc17a0cc2f235650f7aad87abf8ba22c2
SHA256 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1
SHA512 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_slovak.wnry

MD5 c911aba4ab1da6c28cf86338ab2ab6cc
SHA1 fee0fd58b8efe76077620d8abc7500dbfef7c5b0
SHA256 e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729
SHA512 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_russian.wnry

MD5 452615db2336d60af7e2057481e4cab5
SHA1 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6
SHA256 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078
SHA512 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_romanian.wnry

MD5 313e0ececd24f4fa1504118a11bc7986
SHA1 e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d
SHA256 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1
SHA512 c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_portuguese.wnry

MD5 fa948f7d8dfb21ceddd6794f2d56b44f
SHA1 ca915fbe020caa88dd776d89632d7866f660fc7a
SHA256 bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66
SHA512 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_polish.wnry

MD5 e79d7f2833a9c2e2553c7fe04a1b63f4
SHA1 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff
SHA256 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e
SHA512 e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_norwegian.wnry

MD5 ff70cc7c00951084175d12128ce02399
SHA1 75ad3b1ad4fb14813882d88e952208c648f1fd18
SHA256 cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a
SHA512 f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_latvian.wnry

MD5 c33afb4ecc04ee1bcc6975bea49abe40
SHA1 fbea4f170507cde02b839527ef50b7ec74b4821f
SHA256 a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536
SHA512 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_korean.wnry

MD5 6735cb43fe44832b061eeb3f5956b099
SHA1 d636daf64d524f81367ea92fdafa3726c909bee1
SHA256 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
SHA512 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_japanese.wnry

MD5 b77e1221f7ecd0b5d696cb66cda1609e
SHA1 51eb7a254a33d05edf188ded653005dc82de8a46
SHA256 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
SHA512 f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_italian.wnry

MD5 30a200f78498990095b36f574b6e8690
SHA1 c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA256 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
SHA512 c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_indonesian.wnry

MD5 3788f91c694dfc48e12417ce93356b0f
SHA1 eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512 b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_greek.wnry

MD5 fb4e8718fea95bb7479727fde80cb424
SHA1 1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256 e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA512 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_german.wnry

MD5 3d59bbb5553fe03a89f817819540f469
SHA1 26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA512 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_filipino.wnry

MD5 08b9e69b57e4c9b966664f8e1c27ab09
SHA1 2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256 d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_english.wnry

MD5 fe68c2dc0d2419b38f44d83f2fcf232e
SHA1 6c6e49949957215aa2f3dfb72207d249adf36283
SHA256 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_dutch.wnry

MD5 7a8d499407c6a647c03c4471a67eaad7
SHA1 d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_danish.wnry

MD5 2c5a3b81d5c4715b7bea01033367fcb5
SHA1 b548b45da8463e17199daafd34c23591f94e82cd
SHA256 a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_czech.wnry

MD5 537efeecdfa94cc421e58fd82a58ba9e
SHA1 3609456e16bc16ba447979f3aa69221290ec17d0
SHA256 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512 e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_croatian.wnry

MD5 17194003fa70ce477326ce2f6deeb270
SHA1 e325988f68d327743926ea317abb9882f347fa73
SHA256 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512 dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_chinese (traditional).wnry

MD5 2efc3690d67cd073a9406a25005f7cea
SHA1 52c07f98870eabace6ec370b7eb562751e8067e9
SHA256 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA512 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\msg\m_chinese (simplified).wnry

MD5 0252d45ca21c8e43c9742285c48e91ad
SHA1 5c14551d2736eef3a1c1970cc492206e531703c1
SHA256 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA512 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\c.wnry

MD5 8124a611153cd3aceb85a7ac58eaa25d
SHA1 c1d5cd8774261d810dca9b6a8e478d01cd4995d6
SHA256 0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e
SHA512 b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\b.wnry

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\90211720288678.bat

MD5 3e433b682f41724f624a531b2c98df39
SHA1 fe29b0a628d7d4d22c0150d68fed947a30dde83e
SHA256 99976352dd5a0ebb20a77ce0bfa3c01e91593fbefd0f394a17df73e25472cf68
SHA512 c7e7ad3c4c7ff386aeef7e2e893c6daf2d9bc72cc7b9f9c977fde2eb3cd033a4e70f925030d4fedbd5bae77041028c4fdbe48682aba3398894bc6e052d857652

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\m.vbs

MD5 9372a73cb46d421301ddfe06eee72018
SHA1 5c7fe4464559c539f18f7367740ad52a8c815879
SHA256 6801c787f82a0952ce62bfa1ef59cc5312016c0babee33d68a9f0c073f1f9d1c
SHA512 6fa0cc896d5022fa708f9cc7ba10285edbfcbef76c18701ab42a73b4e2f8232d87ba3c6173fe57d19264046b9bef13e5f485d471a5fcb26d6e4c443d0b685c92

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

MD5 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1 b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA512 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]

MD5 e68d476ff9ebebbbe4a98d6f37cbe7d1
SHA1 d61c34cc87997270e5dfe562f3879f363c35d80f
SHA256 88ed138f356e33d9f45fc263bd3636ffb77ae7256a62351531ae0c8dc38427b1
SHA512 ff482bf26935b545cc5113f86df320b6dbc98c2b815e1b36ad1f3d2653b0afd8be54794f85d2ba723e5298660d6183d3214d0c42e52d72cad30033b7ffa7830d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 79c7bf6d8845e7df22d8b602bed859b0
SHA1 8b929c230af1fd850437c80e71d4d6909dc13ad2
SHA256 a0a1a1d50bc5df84800457611b46a2350be137d651464a5961f4a8ca89db90bf
SHA512 53ad3d2c9fa9f9ca9fea31747fe0ab7aa9bebaaf65b8a6805fee9a62080ac7f112224fe5eb5b0e52a4ffffc9fc2e44981614662e3af29ae3fe3212659aa61916

C:\$Recycle.Bin\S-1-5-21-1136334635-2482839916-910800802-1000\$I2KWNUF.zip.WNCRYT

MD5 9de2d268b160cf0176b2fbb03d6d9972
SHA1 fbc62289519af64e97a0dcfc929f9bae4bd9b519
SHA256 bf2251b5ea23f52991aba9c37f28067ce81a603ec4bf23cd56ecf674bd53eaf1
SHA512 7384db017f32fdb62d67951f470c100ee47e48df1df3dbc1d6518c8bbdf1e855f2b221f3e2df67b328c7abefbcee21dc8e9e397bc97f2d6aa21e0e0375a74671

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 58bd615fb45879f61a8eb8952844f436
SHA1 20369fcb77c50008b6cc3ec32755f53c73328652
SHA256 df7c623b4cb551bbe5e0e2a0bb577f22463c36c728246aa214c483a6d9431286
SHA512 a402e8a030fd527327480a691fb32649fcf884eba37b49a460bb6d4fced191246b09a70c58620faa6137f4600510cacd5a8a8bcf2b16dbe3a82a9008c18b7102

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/4248-1900-0x0000000073D10000-0x0000000073D92000-memory.dmp

memory/4248-1903-0x0000000073BB0000-0x0000000073BD2000-memory.dmp

memory/4248-1904-0x0000000000C10000-0x0000000000F0E000-memory.dmp

memory/4248-1902-0x0000000073C60000-0x0000000073CE2000-memory.dmp

memory/4248-1901-0x0000000073990000-0x0000000073BAC000-memory.dmp

memory/4248-1908-0x0000000073D10000-0x0000000073D92000-memory.dmp

memory/4248-1913-0x0000000073990000-0x0000000073BAC000-memory.dmp

memory/4248-1912-0x0000000073BB0000-0x0000000073BD2000-memory.dmp

memory/4248-1911-0x0000000073BE0000-0x0000000073C57000-memory.dmp

memory/4248-1910-0x0000000073C60000-0x0000000073CE2000-memory.dmp

memory/4248-1909-0x0000000073CF0000-0x0000000073D0C000-memory.dmp

memory/4248-1907-0x0000000000C10000-0x0000000000F0E000-memory.dmp

memory/4248-1917-0x0000000000C10000-0x0000000000F0E000-memory.dmp

memory/4248-1924-0x0000000000C10000-0x0000000000F0E000-memory.dmp

memory/4248-1930-0x0000000073990000-0x0000000073BAC000-memory.dmp

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 a5f1842e78f5f2df67265fea8c85cfcd
SHA1 459b1c154986b937d2b3dca023ae5490a0defaab
SHA256 3c99a9a58855d68fe571ba3bb56a79dd0e77338b18f65b0905966643418fac8c
SHA512 7dc7595aa6a0cb9ff3f494fdbbad263fe1795436b522e6f6fac3fad9bd21a082ce3f910c3971a980cdbd695ad7c341af233bbcc510a39e67a20633bf60808052

memory/4248-1957-0x0000000000C10000-0x0000000000F0E000-memory.dmp

memory/4248-1963-0x0000000073990000-0x0000000073BAC000-memory.dmp

memory/4248-1999-0x0000000000C10000-0x0000000000F0E000-memory.dmp

memory/4248-2008-0x0000000000C10000-0x0000000000F0E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 17b52c0cf63ccf5faded109797ce9556
SHA1 1bd5f5a9f76483626f1b6a17b50bfc6cd901131b
SHA256 1d30166cc84e6d462e96924931cfd431c9cddefc3d6c275d3f942a34608e68c7
SHA512 cf35dc8117a3e6cf4cfffeaf8a7b0d3832b17619c2e33a97168c661f969225baa77dc2c2358b1f5cd6e46f7469a5e3cdeca844bcca8450a1a13086ebc71cf4d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 353027f20a07242f3d17a4bf7c5ce09b
SHA1 7c1cb25a398ecdc493e16a75f1743253c7107c3c
SHA256 b2e9c94a2045b57fa50a75899a3434ba7e16040e508db0fc54f0737a3c52d495
SHA512 776075b8ce9d415593f87b5f71110f83ad84eb0a7c01770d62f03c47d8eb648dd53587022c5d423a699819aba50b4fdf847e15e9dd5363ed137ba8a0b2b024d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 9e05fd7d84c810866af4beea3401ee6b
SHA1 dbe7910f220351a60e802fe7ca9c28f4118b703b
SHA256 2edf3dd3df9ee57e526b4752b989772414c6cf6016783ed99b060eb61be5c1bc
SHA512 96ae07a31e9ed24caba4f541e5048e883ccb708660b20295dc497db640829f3958501b0c39c1d6ab5326e2e5a9c6ec2e8392e4a948b81493f2caee2635921c85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cfa8c142069bac2d031490435fb5e291
SHA1 8c90857903e3df36b8358a355c016999850d6d3e
SHA256 d2c904ac467cb4acb5acab8e0fa15873a35bccc866db2bcd8644a9072b99639e
SHA512 278d48972a479b7312b7ad7aca75ed2312c1f33b17a85c632ce597fb6566366de153b4a6f6ebddfad6aa6f56c2fa9adf0b4a47d1d225bf378bef89cfaf7915e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8dda984ebe10afcfafddf327c7f56345
SHA1 7fd6372e7c3da6089de48b26b76772deb9b1cc71
SHA256 0d2b3bdb6fa0a36c183a2d221993282171a2cdca1cccff830284403ca764eced
SHA512 639972b8ec55ff536e7745aab469198d95393cd33745047bb2f57c297332e534a67f7e5b52cb67eb56239695b9c1512406690d4f394d2e89253f35fde80030dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5e8d1b.TMP

MD5 6ca53e55096eb77d67bc970d74307b87
SHA1 2aa5ac4c49664508b2a84a7c8504723366c5dd61
SHA256 2c1b660d04c1d59bf56d19e2c43fe3ec97236886a113e4eaf021c8fec058d919
SHA512 3cb501dc7939d01b499ef51971a6522752a6b4da016cb415330a3cafa4fefaf7001c2c97522a040a2d39808f2b4f9e7235c76e3b66bc9de295f58ee69e575ea9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3822c070ab33114c37bb7f6f502e4452
SHA1 e6406e9d145daedd9334c31ba2229528597faee7
SHA256 2be7a1aed91ad99e3f30e14420c3738a4399ef36dd9dfda28785fb8e426cc1a4
SHA512 805ca8135f56db61d486c6e77c6b48aa3aac6355bffe7ef2590ae564cc3a37f29d914cfe32482f043b94033d2f584c251fbdcc6db027f696f224235bedd15ba6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a997ac6bd7d787a6d0a7802afc238afb
SHA1 6738ea885e70936071f7467e0de68d842b8588e0
SHA256 c9772dd49166cfda9f428aa3aca63f087f8bede55e3e306151cf9e574f244c19
SHA512 a0270fad66bf042de359ca72a338d9341a4e6fb23056d317b9ecd08dbb767e37ad7d1a1a3c7235623923287ec25928817da9ebf75cd7d374fb2869f214704a18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 45bb76dd40a061145cde79f2c70a56aa
SHA1 3c71dbd51ca9549caa62b94f8a246a7a26dde6fb
SHA256 6e665927e0115dfee5767a5d7de83e57881354e15505b43db63704c8d1c30b8c
SHA512 435b5c1ffa2a2cb171119c2bb40e3329afe5cbab9414fffa5ba661f9e9c49a801d1cb7edb036288da840d2fbd430a0240c91044df768fd850fed5de821d1c2bd

C:\Users\Admin\AppData\Roaming\MEMZ.exe

MD5 5761ae6b5665092c45fc8e9292627f88
SHA1 a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef
SHA256 7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2
SHA512 1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bd51565-e1c5-4c17-b4af-e7210a5fb0fa.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1efa1e5f617fbf860f9ac4bd75665e45
SHA1 f5533c31c5560fbae0e20d0f1f2fe05d8a4f7252
SHA256 8fab51d31860370080d78ea31357caae7c57171c8c837733e5b19ff41e25e416
SHA512 c52ba23cf53d2ac8739b22109d3e2479b23a25d124b64e9914290ef766b26bf11dd9fc94a7764f5376004e6ebdf9281bedc1be5e9931e0fdfa78ca3813490842

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e2d8732cce4bea9926cb7f0a0749edd
SHA1 6d1538eb1a236a1db38e36ee8d15399cab539652
SHA256 8f81c17e6c28e69297f18c70cc028a553cb3b481a2b2583abf540c23a56510f1
SHA512 1ded4ee42841ceb6410fc9d3ecc25252520c6e3992a9ce45466084b71f4d69c7e149b6d9f3265ea01d84765b3ef7a10407a0dc5b065fbdcd76a904c071a51ba0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 13a22a7df077544623c1b80ebe9bd4d5
SHA1 d0c5dbb77e833cee2c36c317940c0a1708443153
SHA256 308ec245b9f82961828522bbb449c631fc9ea99460ab1e0d404c12870c5d467f
SHA512 f9260df1be3d37a79e887f3d706171cf920bb84efb5943f97d1795c0671cf8f8d71753259cc97785dcdce1e84f344e4f3771bad47561392c96abba82aeb08162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fced5e7fe112496c2438141d134bae44
SHA1 0aedd644d9dd87a43ada47a8e3e8b4b6a17ff797
SHA256 0a8c09e1fe511c098ad9a4676f2630cfe06e576e09b88bb88f0a5f9f32714b36
SHA512 626a5d87e12b71032619aa857008f763f9b8e74cce763eb2d1170bb640c05801e6cffb1dab1de5a5f0894f48bc37dce533c3a6c8165ed7f8c8673fe99a407ea3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7332eed54101a07cae14d46ae00419d9
SHA1 2722d74e4e862516f0544beddd63f223119f229b
SHA256 6854c8755f353ccb2353b60f8fae5e36038e675aaf2fc49ac5052dc8e5a44180
SHA512 fc39fba2749deae4d730ce261de2cfd41562faac2252f2c1965e6324cd714be66b06dcb4eea6e885ae569936a500193d563c5509e17eb4422f0904c96955ae7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 088a0daf9e81ea9c51e415bf2b3a6aad
SHA1 dc223b85120995e18349322a58921ae5d10725a0
SHA256 c44a8ba630cd1d5cd419336dd7c1f20121a919b462c41e86a8fe1db8e6d6a7d2
SHA512 c932028a8de5a90a2c0283bd3f887e7aa5ab0536072f259d4379f4ebec991ac5eddb4be639a797b9ccbd680a269c3fe269e2983851302a8e521bb73874621ad8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5b4da7f1c0a5cdc187926aa4da2e4081
SHA1 6a257b540d6cb20863d89901d5028e34ac33284f
SHA256 7bd4c943083f8d44c3cee0ff2599c91e90dedc13266877f5ec761d3bf09c68bd
SHA512 2070289c8dcd46791632aed2572a2289d6c425b74130eed29f205b2628d1e5c9bbbc5f17a7cb4f55ca01dee70c7e7d21a27305b8293fdedfd37fa0c226c94dc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ask.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3af706d76dc55495659cdae118377660
SHA1 75ef5558bb64132da44e6920b85df14ef8620824
SHA256 46b1a4188b68ea9b267a732749653d54d6f124afbc80ff6e2b91a23402cf5219
SHA512 c29e7835f9b57b5bebff0da2108c46c4e181812d60e23e9ec75f2dbbebd5924ca2b1e0f5ff43a50fadd505af86b4d11bdb0731de3f8d26e8f8f6b7b76524ca3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f4243586d7b2f3dbfdf8db66e1921c46
SHA1 db62dd377709a1780dfd6e94821c9227f933c372
SHA256 448c31bd268a5578f87aec0980dc1865a77e0dbf7059b299fb0a1191ad91de8e
SHA512 41c9511b3c71fb3e491bb4cfebc5591340e5f48da2eec5581b45878cff20feba9028d955a299c208a2a5fb25ae0231c9968c5da35e7ea088a59c6cf97eb3399d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d9cdabea96afe16260d25e814c03b967
SHA1 8ccf9c2bdb3c616fefdb4734c2e231bd36e14d83
SHA256 e12d306d7cc3bb2290e2e2431d65b911e96b3d80c535b0c98580bf9500ae82f0
SHA512 f14af2bed435c2c8360b042706bc298700b41335593a8d067356e7ce30afbe0ed38130dfa196c31442c5be2347cfac6a50583c03460b68c896b878967d51fc1f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3f7c866de59026ec0aee046d1a64643c
SHA1 0f9c95d592e032770e0062edf0e4296be1717e0c
SHA256 e826787717dd350624965d815c03077ae49b3544c67e82074e769b064bdefe6c
SHA512 f629d73f6179d99d5c65f0f6b990380b283149511531c584cba93f64d0d702df733936f5e0bbe774f24563c694b605882fae22d921965f0cdf1424a76d21f1fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5b0cabfeb52b3b7088ffdda529f58cae
SHA1 a887229bc238d49ef6e7bb4fe106c748f1623656
SHA256 6fea072674d376b2bc6c69ca653f13191e2f157940686e499f9ec4f268ae48ce
SHA512 2396a7e0d7491015e5bcf6ef9bc7557d8db55fa1a67de624c1aabe88e8cce8d48e6a26f6227523316f8a16b46e4f8de47d8300635be8f4cf7cb9203185964796

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe60c76b.TMP

MD5 308adfd68de5be71aaaa625a1b1a489d
SHA1 e8e50d2971c54fac0bc6e1c941194c6b7bef8934
SHA256 cd09d2e81e76f33ab9215e1fb135505b300c159eeac2cef5894c1b56b44b2a00
SHA512 a1bdf26f92a10df8bd13701dcadcce3d3c76f9ca57f4ae0e19bd825ff23cd52fca2efc38e61361a61cc8322d6c4f6c66f1379cc8a5d1fc2924821fe277c822d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 71c26818b23243d137633106a9468586
SHA1 81650c3a7dac030a1b2d21707baed07cc4a5ade2
SHA256 3394a87d5e5fa2483e7794081961753ceac3270ab625360a54611759bbd14568
SHA512 94d90c85dae87048f6fe10db86fa5eefbde629162fee7fac39effa55349597d8785f73fedb9d7352cc13c6b4198b03ab88859c8a1b224af1bf93fad93ce6c47d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bc25fa31e3b3cc085b6616b6ce752519
SHA1 9d088677be5f380a1aba38b82830a3493dc8cffd
SHA256 108dddfde8fd86eb0de153150092a42bf2ddfb63b03f7e719c1be42bb1d39461
SHA512 8a8cc5811bc36af0f75220dec9d15b19daf1a98336c2914e56a4c46278c287038c2f656984b4779e45da1dd1529efb9647e1dc31e6735166d79d45351f8b9b57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 65a0eab9a7d4395f8172dcf9ba4d140c
SHA1 384a1462383438100f59a2034f27b823c9a3775d
SHA256 04070a6f7a51cd4596297a94a1081c300b9f17fe0a9179b71a1db559dc67753a
SHA512 c0cc424e4d16b54ecbfa6679115c224a0b6a1698cc7cbbcc05c7f99d3c30dcc9fcc17f9d503983f0c6056d9579f24a2637b7cc4455eee54a1b3fa433cc2ba4bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bee68f0afaf927da9bec7b3fbef79afe
SHA1 fa44c942a08c4d9a8f70e7c02496ae96a837ad65
SHA256 36ed16ddefc15330accc21e6ef63b8cd3bdec0baef94766a0841243bc6362303
SHA512 f92d81daff3a6f3838d726514d73ea6533005906058e569a04c2c8d066a61b14799dc2be0d6b0bb737159472a4b6c631b46d0e38be3ad96ea6f93d841a9e9ddd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe615737.TMP

MD5 e41dae1264160ccc5850f67861228838
SHA1 9c66f31e0167ab2b680dd4500b7e4a1f15026b1f
SHA256 b6428ca842697f0b2efe269607ce5a9181f911142eb2cdb6b454ba6511ecf86a
SHA512 180b2b5d37b937e3ec4b516972e8e70d0e69fd0e6150b3cc3c9c2b9856d18385ce55f83992c1f22d8b3b7deb44405047df1cbdd5cddea63a7f5ea80ddf7ba722

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dd52158e97f3a336b650421f8fabb7a0
SHA1 ca200aaeb923cadb238bcdeff35f8ea16024d786
SHA256 4a9629952ef3bbd5ed7b33ca1486f16ed5a1b0cd39ea62fc4de34d3e1f2a0733
SHA512 eff02e7a5aecd021c164f8c51b4719a9c6ce83b6b967576089b8af87bbf2e8362ff30457ffb339c59ac0e05293d7c66ade1b49cfc332ce3d84542c8a1bdfaf88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 76dacbbae7c23241821e0ceb3e752f4d
SHA1 35f879772a2d32efffd06104da92a47f88c7cf9d
SHA256 4619ca84cce91e298a19e651c6a091a90ea01f0a9aa6aa6cf172122db26499f5
SHA512 2f9f7b597100982b2c0b5d0ea8df3c169b7c3261419f720aebd2c0051cfcefd466465580fa96706c8c93a6647db871ca15ba52d7066e768f4fe118e11c4d739f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d5c860ad056f86684b6f11eeec856d2c
SHA1 27fcb1baf42c08ad57a858ed5136d385ff49342c
SHA256 d5fad695d88e248026de1f3b11d068c86de2e4621c17c23650e1bf48af00415f
SHA512 2572ab5ddfc31cc80269dd9b0cc9873e155e2260e74dc488574ac6ca5340a1be0e5b35210ff50ca550c462477b092690549da98d9db8ee365f03d1e618dc1c8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4df98cc8b0dec8ac414d1645d20fd478
SHA1 8a799d1cf15cbf116e4614c58b78312d005ba230
SHA256 d359b0781511705076ae8fe044ce0c7d643b995158c1d7253d2392fdcb5a0b5c
SHA512 d8ba3569436de8dd19717815eac51ce6eb34860846362fed94aeb56b9a999a19e526d43d25a8419b15f5774672e6e94e9991d019836dd265f86ed60e137932af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 62269e31a624ad214b7438a905e5351b
SHA1 1504908891366dbcd3fb10802dcdb718a2272046
SHA256 fe329509fff1c8730da1c5433e24fabf4af0feed32e8ceff1c1335ebf64d770a
SHA512 2690e19eeae28c0e1989388387874ac147f17062c0354ffe1993b8401c31e7fc7237a0c31836cdcf41de2c800a0dd57832289f7012003dd2ba518afb0927ac64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d200ce09-af6f-4da3-a4d9-6495ad2b66cd\index-dir\the-real-index~RFe61b054.TMP

MD5 2b672dfb8d6a87c55088c940a32e5b61
SHA1 2c6cca941cde045d96c558e5023ea7b2be1d691d
SHA256 91cc46164d89e3dd5daa7cc758ea7e421a5d09b8cb662a882ed007ff9009f913
SHA512 abbb238eec0bcfc8f51585a9bcb8dc543c5eb3c9ca14aba0378820bc39272193fd97b8aa1d0a23bc25e5956522f70bca94de89e6351dd7d12e3560f7da835c8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d200ce09-af6f-4da3-a4d9-6495ad2b66cd\index-dir\the-real-index

MD5 799d4667410a662aa81ab7f72b272854
SHA1 9c1a90d48f197e0ad72c34506ae1850e2eb22297
SHA256 48923e1d118d698518bf75fc6c1be0cf71a94f505d2a9e8eb19d34b952aa6bd2
SHA512 1c587a1f6cf2fc3f7ec97eac5d55a85061477969ffc3583740cd555b594712c4fc462dceea3530f6625611650be84db53f4ab13d90fda74fb362828cd646c51b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b5ca68b2014611f21f65786a6102e833
SHA1 6c8798a2355af6ebd03c0531f6465fa6a49428b7
SHA256 7e92faefb0e1dd2937c9bc4472a20147313f1570d9723f6d7b10884e1104d129
SHA512 7f71c04ee14e2dc65fd9d8ee9206fd46692a42d46f49b99024b691a65fc0f26f108f5706ce624ff1fa8fb6a94ebe78d4ce38ced7cba293ba1ed594067908d0e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da628c997240874f_0

MD5 af898388f3cc40338a25832a03ef071e
SHA1 16c46198cf645febf5435255bf00f93b039034a1
SHA256 6688ac508c55eeb345913375381eb9e84ca54eb8d9db9c7a4ae3e27ad6d4b3f1
SHA512 aa044bd538d89bca26ab09957a8289e751c79181741ff2c7e685667bd1c3e2748d1c0e26c50af703878097d0c4fb5d61b1a80899f8ecda656a1c83035e976d9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec5ea768045d5c65_0

MD5 913c9b00d4e57ce2c573d343bd5a08e7
SHA1 2be252c1f7255578e4a37aae8341e3f500b4a6d9
SHA256 630fc7f44abb94d9efa471c06702fea9c7b1abd5c08aa4125e40ecdf910f427c
SHA512 536890702e115b92af2784accc387e752e8c7823df78da16bac8f4b8378045ddc3e69ce513908e27569be9fa2beb71ccc3cc89ab11536a3ac6a699d48313000b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf44a7f84e1780af548291778173faaf
SHA1 5ae9dbbd858d81ff857680ee67db9237c5ab00e5
SHA256 32cdd97619744a14fc9a2be1217ce57bf7e80cb775d0a94609bf164a4fc8821b
SHA512 545c3ccac82c37338b6fc63e2aecfef7ff6bf38f90a64edd8c5e80de4cc410123c17bccdf4e9d11962e70f2cb5742a9e10bcc0afedccf62af0a77edcb824e2b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 11f6705e166f1d4a31f9e0d1856ee92f
SHA1 5c92f753dadc9fb1eb159177ca8d39510c1e5b48
SHA256 e4016b4889f3d3724b6f7c4dd3a46f4b5a1d0cd35039f140d064218fffdc2361
SHA512 d383eacddb345cf3dec5b7ffb9cc8ed8ee164afde48bcb9cb0acee9b0ac6b3dd7594b4f4d975754558103a90bef61fa299f1c833b9736b705002f3b024d319a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 3358e831188c51a7d8c6be54efafc248
SHA1 4b909f88f7b6d0a633824e354185748474a902a5
SHA256 c4cd0c2e26c152032764362954c276c86bd51e525a742d1f86b3e4f860f360ff
SHA512 c96a6aae518d99be0c184c70be83a6a21fca3dab82f028567b224d7ac547c5ef40f0553d56f006b53168f9bba1637fdec8cf79175fd03c9c954a16c62a9c935e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 7d5e1b1b9e9321b9e89504f2c2153b10
SHA1 37847cc4c1d46d16265e0e4659e6b5611d62b935
SHA256 adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af
SHA512 6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 b55b8baf9ced2da93c17f6b749734870
SHA1 b7a0adbe14b12fd8f7bc3fbc27a5611693057cec
SHA256 38f98d8fffec9928c61be37a6d4a3da72e027dfc239b53d784964cc922a201a4
SHA512 69c98fb523179d002566ec88bfcd12800ec0154ef76efc017d05c1dc5f2ea479e5ced0e9c6158a2e8546f88fe19d58a3627bbea546e4ab6905f4f340767fffe8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ebdc8f42dbffbae8b4baf3a30bfd9606
SHA1 791024bb67a2bbed1d5ef4164129373a0f4eb222
SHA256 57646408995c3caab8c115a3f87758bf59a4860274c97b0287b5bb336f378ac4
SHA512 f1f2aa0e8d728b880f3f8c82dc4c58f63de014d63b51c0cea6b7f8a1084456bc6832f56e2d9a976b6f6c259b4b054a25646c951c0795e0e7514f23c10e254bcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 64c7154a33bac7eb2138e44d9e87481b
SHA1 3304b066bd154d0f78306b05d9fcd374b6577511
SHA256 b2c06f7cf26b0586852fe05f6974d82a161d92a3f47818670adf4fdb40cd397d
SHA512 12701758f5af653948273851d2fe0c20e7f6b16997509dd9875c0b133f0953900a641337e1bffdb8593bd03505e5e06ce128291768926ff08c782257882b32b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c5fa1012f0469d9b0650571af5beb609
SHA1 b075a5f081bdd446ae10277c15107da4d73d27cd
SHA256 c3f5b80f5195372f45063ca69944b504687b59dfe8a42851c8f3aa4c8dba1ed8
SHA512 a19655c090c7dbb6755d6be6bd38900ef1d1eaabbbeeda4f61337583afcdef7b23da8168f11b7eee8e07cf1f6fbd76a7d1df64855e4ddcaa30a6f6328839b6a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0533041017f3888f16b5387e48a693cc
SHA1 b16422b2f1a55ae8511822b579f106430df4a30a
SHA256 4f1080db3bdf065d31341190683324e41517464da1bfce0e443a7ff56e22947d
SHA512 02df7a9d1635c76f6451217d93c2298c041ebb83ecf27d10a474243056a0b12902a1ff8208e4d2067830e98d90e027391ed783614df406ae75438577adc724bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa7287a094f81b521568bd01170ab6d0
SHA1 7f5dc61af64d270619f814f6e6ff793708e9844d
SHA256 e9ac9d921d29d3677502ce20d967a2cbf376ffbeb442d55fbf695a3c1ab7dcdc
SHA512 6799e9931eebc4914f72649d0a5d30d6ed88ef1418a5818d54632f1a360f26bc5a57c5812719a0afbf6fecbd68e58da4bb51eb76347950092f3ba63014f0c876

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7dc5fe2eb5fa052153f55bc5377d7673
SHA1 9a1b907604648b566788ed455b7df8232cf8ece5
SHA256 416da30a4edd7f59fd1cd97c2f54bc88cda5c0ebe317c0a6c9f74e2cf127f8e1
SHA512 ed8f393016448191dceb82b844cfc2dd0d5855808e0002ead4372d2f20aaf9bf1c08fc9f05e90a9b26ba01cf856142cbd448d9656f77630877ec27762d7add7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 7322a4b055089c74d35641df8ed19efa
SHA1 b9130bf21364c84ac5ed20d58577f5213ec957a1
SHA256 c27e6cbe88590ba6a04271b99d56aa22212ccf811a5d17a544ee816530d5fd44
SHA512 bad26b076fa0888bf7680f416b39417abe0c76c6366b87e5a420f7bc5a881cc81f65b3ef4af4ba792aa6030bcf08bdc56b462775f38c4dbf48ff4d842c971bea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 209af4da7e0c3b2a6471a968ba1fc992
SHA1 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256 ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA512 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 de7e997ddc4f38c66cebade234a692bc
SHA1 65ef7e7dfcf4d5fcb94c64ae45a35db0bcfb913d
SHA256 c342b5f8d7a4e7f4ef8b45d9716b93ff9e1dffa73b730d30e4bd8a2fdd7ff04e
SHA512 ca419922e920955857ed32d59622397ad3949189db2ed1b1eee3da3369f15802d0aed852bb85dae748c08be2fe6353f1eac9e07e9065543476c0da3d4e399482

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 4f6875803e0a9a11f922be9475faca68
SHA1 b12a9805a4f1a76155714c1fd1cee1428afe9580
SHA256 0638fbbd994d7bccbe9a0d05cb3b031d3f1291ed4c70d4f1b08ea687b8b30aac
SHA512 a0492243a8891d704e8734b4f9d002fa82fa2b106ab09bb233f6e9542faf0beafb117d015559784285141d7e05975032edb77158f21a961c957cc91b773844a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 4da08e95702be2c98662c6e62a19994a
SHA1 b665be7a9177147ef9b72870fdfee58d4daedb80
SHA256 69fed175cc1393b9c0fb7a21b7b80d1160d2b6d02502d02cd97e9a5c2dbcd803
SHA512 1ece99b45362786fcb8e7aae6cd1273013a1049cf2657e568d9c2d5fb36f446fb18bb4b42cde12f07d86bc934c36798ae6b87e460bb32d890cd9b5a9dbcf5752

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 11a0308c92dc2b37d668097da95a6c2b
SHA1 92dccc23200d04f141da45d37d89a1e666a52da3
SHA256 30fae230a2fe4100e9b581fb5e5e06a98fd59edc67468d086262723e7bf91cf1
SHA512 0d108cf2ff06ad54d88abc1f615ca6f0da4ad26fcf7ab54c1b4dc138b515e01216a24aebb6b0c0e135e677e39bd6cdd7935c050a568c249418da71e50aa5702d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ce2ed1ffe3ac1a02119b392ac0e3fa3d
SHA1 e401ed492e3acb94a498d918280182ba355e026d
SHA256 477177bb59986c0d9c714ddc78bf486b0b75ee363a8e414f889b33f4cf433d60
SHA512 3d3eda1dfe4388c63806fdc0fa231df6fb7afa065ab2a1c5f21d40066873e3bb9e291f340d7186f6547274b03f707b521277d7e46085cf1b3997acd6016b143e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d628bace90128654_0

MD5 c43e312e640e509626e594292c0156ae
SHA1 a1a0eaddfd17ca5b05b62e4f976b65ba7bb98304
SHA256 0d261651929c687340398eabdc2685f28276f8a077d478965a05ec5f7f293109
SHA512 ef7a2dcc0bade0a4fbd32f72a284ec375da4fc97786c818fb51cde728e1ba2a720138a01792eca352750c3a26e86aba4928952120637e1ab1e2bb6bc31a30984

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0ed0a6ae69d59782a8fe52c559505ed4
SHA1 653be999fed990d0162442cc92a7f39a55d46662
SHA256 bd1b3f5f0f009a29f89be9db46f05e112a54c71bd3b73d82fac0d336ee3f67c0
SHA512 e73fe25caf68f882586bad94526d93153af19749c0f94b1541606f0322f4ec1d7094d205b89dcb201c8654c89f7b51bb83c359ad8f962d7ac9c6c33ed3ec547f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 db1bed174fb81ad4a378288a55bca7d7
SHA1 ba61bfc7f744ced32b69f962bc436cc14d791353
SHA256 768eeaa48ec58bc80cc2a3dfb6bea1bbfbfcc40a7eaddee396e34a2cae667cc8
SHA512 d3283bc7e02eda801c6758660253f1777f44cdcb83de8f5c84a9ae5344f91b9ea21423ef62b2bb3bd2664fb348c1bf49b9bae9f81ccd1dd9a620f6f328f2519f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b06ac494e0e6b6eb89ed9adccbee7b3
SHA1 93615aac29d4f0816d0e04736e9a4d22c7815718
SHA256 5aa6b9fa0537d991ecfa6db90912d86fa6564e71441bcf2ad3ed51f4c1f6ab3d
SHA512 528a2a87e96e7e8122e1ca5c3f99357d5dd0437b337083638093faf272b3f3ef9f706d4f3f16273952fc17437868138230c67fcf29b245e7f8e55e8827ff607f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 f42dddddc6bf1b96e0b0b2fe10e0c8ef
SHA1 23425ba1dae6a8a450124bf540f5f86ec22769f2
SHA256 f2723d2cf1a36bcbec35fb1bf95400a81d8517d4009f9fb8c43f274bf1dc02fb
SHA512 c5e2011a2482f1d6b4392c0f885c9d8f85542928f481b00fe593b6324ff5544458281aec955eb61d60d0eb3b2193951cd8ac1f1311eecd9a3bf6395130ae808f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0074c1f7f98d23f3063286fbbb086ed4
SHA1 a4922ee368521267443bb1b257aa40c2abae2e25
SHA256 349748f908830b67c6cc4d3f276cbe6ea890a4faaf79e0e658a698a456e8bc87
SHA512 e6f9f3bc58afa19f4b71b79588077fdb3e73ecce17a7eefd9d0f7e9e031e187361dd8d9793923f7f65e232d3028b7ba869a821934c853da3859a4414b6a66601

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1a31c8159c2a48dc0d9c310c8c45803b
SHA1 288314f51eacb7086452e44d13e21761619a9fbd
SHA256 f60bcf92ec0530d6a5777029345b22c00048de92ba0723be3c6f5aba7548c36e
SHA512 f7dca7919e65b4666d61ba20fadc92d2131d389e195bb8212b289f81d205e1f4d605867c0af900cbb12e256bc5a20b6febf65f5ad7b7909dead226631877ed5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 ffc507ab662c24424f3fcb9e8d2eecf9
SHA1 f447984c038d8ece67915c0492e8610894dbc255
SHA256 0468c9bba7e5bb67ac35bc4f4609a257e6fc542e4faddcb494e285e60e9bf170
SHA512 6cecb73607062e2f7280b2cd0f33c014b1fc5190c34120452bd297001b0ed585dc35a451fda300de6864098896a76006a6577ffcc98fd8c0b0d4ed7f961ebece

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25de1eb133c2ae6e_0

MD5 b0e3365994cfdd8aa6f43cfac4361141
SHA1 9a6e741fdd6761590f60ca66878d60111e34a4b5
SHA256 15da97890599c7dbf70f456e62d696ffac8681814a44666ed3629a1f4421b607
SHA512 ff5b585e7414a0488053f75ce5d77d37a8492ad907cb6dbf55ecb6d9d97d9aa71e397886542a0fe2ae3f4450cd9180950f50b33aa0aa06be6d657cba2a3408fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 507a1148e53314fe31b6c1e26da41eb3
SHA1 d3086046228feda47a668e87d0546cb4e708b20e
SHA256 292b2edf76d7b559053fa792286bc9b1592c877249185185fab733bb2a54636a
SHA512 c4d5a0608571a7b140e2ee9e791126b06210528e1da08aac0c0b1d37ea2dffacf6d4177b8a83627315e5e1d733d2950e25fe40e74edf6579ac8b25b41e39b1c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ccbff0b914d857d54b37187e7c7c0e6c
SHA1 04f78beee3626dbf2bbacb801bf8bbcbbd4782c9
SHA256 4d2a793f514b1bd555afd32b5682baedf2371f807c3053300077308495404c5a
SHA512 9e96308f842a790af179ded6144999ba6690d2f4fb105587ea9dd754db88e46d621e1fbdc3af24307ca2f11e091ced618a105b183cd112cd42b2a6ca53582503

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16d4a4f78376c745a94f792f5e6cd31e
SHA1 d5960e7efa0265ebb13f50fda8e3713fadd1017a
SHA256 9365c63e8816fdc4529d850e9f234336d3379974962a3cbd6c540fa4f41be1bf
SHA512 40f289803c5e14306ee97e17ac662c2d006620b5b838f70943116d28cbd5a0d4aa4d5e05d095a272dc95da659837ef1a74fe32186e42e71a2ab73b3690afa71f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f4f6eec23f8b7c2a3bacb15b1f47aee8
SHA1 fd0d2edadd45bb79ed8959db48bcf59173d0c3f6
SHA256 081f11dd15c8810956b429e6e8b69ea9808fcb90f273d4db5b25ee86b8f3f20a
SHA512 dac653eb8fe09562bd7618985f856abcff61a0bf7438988537faf969bbe3b7c5a5c2f52229bab6b6b539209b5317ae8984233f1ac98d72c1305aa47a4a2199b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3a92f1b2a64a1c993e52f1a75f148678
SHA1 60f2da350fc5785ae2ed24743a733d7b3d117a30
SHA256 34cbd7b621b843635626057b359d2f619f6e28e674032a4978930a738ae31cc8
SHA512 bf9be90d66e0d6e534e119a41c3f44167708acfe6ebf70c6e91ab78c2a707ab9ce033e8c4faf2dba240fb6d3d5a203f6dd6f4bdcef2eae1532baef40da433b67

C:\Users\Admin\AppData\Local\uninst.exe

MD5 6207aefc46ac857f836bf3669d91f7bd
SHA1 a7df873db5acdbf3bfc6eb03401114a613e64946
SHA256 f01ecaaa5bfb32d500a79ea28a64c5a25ec81c03f7cbf4206706e7580508ce4e
SHA512 0a3e9d8e69b12ce2900e0daf249d0dbb571c43caaa39a3952f126d958a14d5265fee777f4ffca0da521e61d87375efd2e58135926220acae45e442e81a7c4162

C:\Users\Admin\AppData\Local\Temp\nsh23C6.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\nsh23C6.tmp\nsExec.dll

MD5 132e6153717a7f9710dcea4536f364cd
SHA1 e39bc82c7602e6dd0797115c2bd12e872a5fb2ab
SHA256 d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2
SHA512 9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\Reg.nbd

MD5 a8ed45f8bfdc5303b7b52ae2cce03a14
SHA1 fb9bee69ef99797ac15ba4d8a57988754f2c0c6b
SHA256 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b
SHA512 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

C:\Users\Admin\AppData\Local\Temp\Reg.nbd

MD5 4de674e08ea9abd1273dde18b1197621
SHA1 7592a51cf654f0438f8947b5a2362c7053689fd8
SHA256 56010f4c8f146425eb326c79cbad23367301e6a3bc1e91fdcd671ce9f5fc4b63
SHA512 976d5772c2b42616cf948f215a78fa47d8154798abf1148f7f750545ed3de9ec1ecdf2e7e16b99c1459e5519a81301b9c1e6864e992a807b78257f0abaecc4c8