Analysis Overview
Threat Level: Known bad
The file https://archive.org/details/malware-pack-2 was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Boot or Logon Autostart Execution: Active Setup
Event Triggered Execution: Image File Execution Options Injection
Modifies file permissions
Reads user/profile data of web browsers
Drops startup file
Loads dropped DLL
Executes dropped EXE
Drops desktop.ini file(s)
Checks installed software on the system
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Checks processor information in registry
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Modifies Internet Explorer settings
Views/modifies file attributes
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Enumerates system info in registry
Modifies registry key
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-07-06 17:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-06 17:52
Reported: 2024-07-06 18:09
Platform: win11-20240704-en
Max time kernel: 964s
Max time network: 1008s
Command Line
Signatures
Wannacry
Deletes shadow copies
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD2D26.tmp | C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD2D2D.tmp | C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected] | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lknmewvzsp534 = "\"C:\\Users\\Admin\\Downloads\\Malware_pack_2\\Malware_pack_2\\WannaCrypt0r\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Windows\CurrentVersion\Run\DesktopXmasTree = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\tree.exe" | C:\Users\Admin\AppData\Roaming\Data\tree.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SET2AEE.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SET2AEE.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png" | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\fonts\SET2AAD.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET29F2.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET29F4.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET29F8.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET2A9B.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET2A9C.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\fonts\SET2AAD.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET29F1.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET29F0.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SET29F9.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET29F6.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET29F7.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET29F5.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET29F6.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET29F8.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET2A0B.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET2AED.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\INF\SET2AED.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET29F0.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\tv\SET2A9C.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET29DF.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\intl\SET29FA.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET29F3.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET29F2.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SET29F7.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\MsAgent\chars\Bonzi.acs | C:\Users\Admin\AppData\Roaming\Data\Installer.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET29F5.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\SET29F9.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\lhsp\help\SET2AAC.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET29F1.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET2A0B.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET2A9B.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET29F4.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET29FA.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET29DF.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET2AAC.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET29F3.tmp | C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.22000.1\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31117273" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\SearchBandMigrationVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "3353859568" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D1955345-3BC2-11EF-B03F-D69AC9ECD474} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\SearchScopesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1136334635-2482839916-910800802-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{065E6FD1-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B976287-3692-11D0-9B8A-0000C0F04C96}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE9-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4900F95-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Slider.2\CLSID\ = "{F08DF954-8592-11D1-B16A-00C0F0283628}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{35053A21-8589-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F050-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E3867AA-8586-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\InprocServer32\ = "C:\\Windows\\lhsp\\tv\\tvenuax.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD3-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{1D06B600-3AE3-11CF-87B9-00AA006C8166} | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSFrame.3\CLSID | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66833FE5-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48E59292-9880-11CF-9754-00AA00C00908}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD4-1BF9-11D2-BAE8-00104B9E0792}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus\1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ = "_CCalendarVBPeriod" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0A45DB48-BD0D-11D2-8D14-00104B9E072A}\2.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{159C2806-4A71-45B4-8D4E-74C181CD6842}\ = "CCalendarVBPeriod" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\CLSID\ = "{DD9DA666-8594-11D1-B16A-00C0F0283628}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\MiscStatus\1 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FD8-1BF9-11D2-BAE8-00104B9E0792}\MiscStatus\ = "0" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\ProgID\ = "Threed.SSPanel.3" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCharacter" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\ = "Microsoft ImageList Control, version 6.0" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628} | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A031FBF6-81A7-4440-9E20-51ABB2289E4B}\VERSION | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{35053A20-8589-11D1-B16A-00C0F0283628} | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2C247F26-8591-11D1-B16A-00C0F0283628}\ = "IImage" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDF-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DACB7A39-CC0D-4B85-908B-10D2451761A5}\TypeLib | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDE-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DECC98E1-EC4E-11D2-93E5-00104B9E078A}\ = "ISSImage" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\ProgID | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F}\1.1 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FD5-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSFrameBase" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04C-858B-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Programmable | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A9-8AD6-11D2-B6FD-0060976C699F}\TypeLib\ = "{6B1BE80A-567F-11D1-B652-0060976C699F}" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FDC-1BF9-11D2-BAE8-00104B9E0792}\ToolboxBitmap32 | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0A45DB4E-BD0D-11D2-8D14-00104B9E072A}\TypeLib\Version = "2.0" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F055-858B-11D1-B16A-00C0F0283628}\ = "IListSubItem" | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ProgID | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\LWVFile | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\TypeLib | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Malware_pack_2.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/malware-pack-2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3780 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14129984715017937412,11018984055383773752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected]
"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\[email protected]"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 90211720288678.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lknmewvzsp534" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lknmewvzsp534" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\tasksche.exe\"" /f
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14417055205314558585,13687258338809242749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe
"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Users\Admin\AppData\Roaming\MEMZ.exe
/watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
/watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
/watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
/main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe
"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004D0
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=animated+christmas+tree+for+desktop
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=cat+desktop
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=how+to+get+cursormania+in+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=mp3+midi+converter
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=grand+dad+rom+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xc0,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=fuck+bees
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6568 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Roaming\Data\tree.exe
"C:\Users\Admin\AppData\Roaming\Data\tree.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7896 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=smash+mouth+all+star+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=cool+toolbars
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=limp+bizkit+mp3+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=stanky+danky+maymays
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=succ
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=john+cena+midi+legit+not+converted
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9108 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=cortana+is+the+new+bonzi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=myfelix+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=free+midi+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=preventon+antivirus+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=snow+halation+midi
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=smileystoolbar+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=bad+ass+mafia+toolbar
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+bonzi+buddy+a+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffa16843cb8,0x7ffa16843cc8,0x7ffa16843cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,15608495741682676651,16114236704094877427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9488 /prefetch:1
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Roaming\Data\Installer.exe
"C:\Users\Admin\AppData\Roaming\Data\Installer.exe"
C:\Windows\SysWOW64\CScript.exe
"C:\Windows\system32\CScript.exe" "C:\Users\Admin\AppData\Local\Temp\Bonzi\run.vbs" //e:vbscript //B //NOLOGO
C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE
"C:\Users\Admin\AppData\Local\Temp\Runtimes\MSAGENT.EXE" /Q
C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe
"C:\Users\Admin\AppData\Local\Temp\Runtimes\tv_enua.exe" /Q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE
"C:\Users\Admin\AppData\Local\Temp\BonziBDY_35.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17410 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:82948 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17414 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:82952 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17420 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:82960 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3840 CREDAT:17428 /prefetch:2
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\WannaCrypt0r\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| IE | 34.251.112.118:443 | guce.wow.com | tcp |
| IE | 34.242.212.22:443 | guce.wow.com | tcp |
| GB | 87.248.114.12:443 | s.yimg.com | tcp |
| US | 8.8.8.8:53 | edge-mcdn.secure.yahoo.com | udp |
| US | 8.8.8.8:53 | csp.yahoo.com | udp |
| GB | 87.248.114.11:443 | edge-mcdn.secure.yahoo.com | tcp |
| IE | 188.125.72.139:443 | csp.yahoo.com | tcp |
| GB | 87.248.114.11:443 | edge-mcdn.secure.yahoo.com | tcp |
| US | 8.8.8.8:53 | 11.114.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.72.125.188.in-addr.arpa | udp |
| GB | 142.250.178.4:80 | google.co.ck | tcp |
| GB | 142.250.178.4:80 | google.co.ck | tcp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| GB | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 184.28.176.113:443 | r.bing.com | tcp |
| GB | 184.28.176.113:443 | r.bing.com | tcp |
| GB | 184.28.176.115:443 | th.bing.com | tcp |
| GB | 184.28.176.115:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 113.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sydney.bing.com | udp |
| GB | 184.28.176.88:443 | sydney.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 88.176.28.184.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | consent.yahoo.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | search.yahoo.com | udp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| US | 8.8.8.8:53 | guce.yahoo.com | udp |
| IE | 34.251.112.118:443 | guce.yahoo.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 184.28.176.32:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 32.176.28.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.yahoo.com | udp |
| US | 8.8.8.8:53 | ask.com | udp |
| GB | 151.101.190.114:80 | ask.com | tcp |
| GB | 151.101.190.114:80 | ask.com | tcp |
| US | 8.8.8.8:53 | www.ask.com | udp |
| US | 151.101.194.114:443 | www.ask.com | tcp |
| US | 8.8.8.8:53 | 114.190.101.151.in-addr.arpa | udp |
| GB | 216.58.204.78:443 | www.youtube.com | udp |
| GB | 173.222.210.233:443 | ak.staticimgfarm.com | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 35.190.10.96:443 | collector-px8zofp9vf.px-cloud.net | udp |
| US | 8.8.8.8:53 | 114.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.210.222.173.in-addr.arpa | udp |
| US | 104.20.94.138:443 | c.statcounter.com | tcp |
| US | 104.18.4.165:443 | signals.aimtell.com | tcp |
| US | 104.22.70.231:443 | cdn.aimtell.io | tcp |
| US | 8.8.8.8:53 | t0.gstatic.com | udp |
| US | 8.8.8.8:53 | t3.gstatic.com | udp |
| GB | 216.58.212.228:443 | t2.gstatic.com | udp |
| GB | 172.217.169.68:443 | t1.gstatic.com | udp |
| GB | 216.58.201.100:443 | t0.gstatic.com | tcp |
| GB | 216.58.201.100:443 | t0.gstatic.com | tcp |
| GB | 142.250.180.4:443 | t3.gstatic.com | tcp |
| GB | 142.250.180.4:443 | t3.gstatic.com | tcp |
| GB | 142.250.180.4:443 | t3.gstatic.com | tcp |
| US | 8.8.8.8:53 | 100.201.58.216.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 142.250.178.4:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 35.190.10.96:443 | collector-px8zofp9vf.px-cloud.net | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 50.18.226.206:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.67.3.58:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | 206.226.18.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | opensea.io | udp |
| US | 172.64.154.159:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 95.100.245.168:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 58.3.67.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | buddy.bonzi.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 353027f20a07242f3d17a4bf7c5ce09b |
| SHA1 | 7c1cb25a398ecdc493e16a75f1743253c7107c3c |
| SHA256 | b2e9c94a2045b57fa50a75899a3434ba7e16040e508db0fc54f0737a3c52d495 |
| SHA512 | 776075b8ce9d415593f87b5f71110f83ad84eb0a7c01770d62f03c47d8eb648dd53587022c5d423a699819aba50b4fdf847e15e9dd5363ed137ba8a0b2b024d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 9e05fd7d84c810866af4beea3401ee6b |
| SHA1 | dbe7910f220351a60e802fe7ca9c28f4118b703b |
| SHA256 | 2edf3dd3df9ee57e526b4752b989772414c6cf6016783ed99b060eb61be5c1bc |
| SHA512 | 96ae07a31e9ed24caba4f541e5048e883ccb708660b20295dc497db640829f3958501b0c39c1d6ab5326e2e5a9c6ec2e8392e4a948b81493f2caee2635921c85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cfa8c142069bac2d031490435fb5e291 |
| SHA1 | 8c90857903e3df36b8358a355c016999850d6d3e |
| SHA256 | d2c904ac467cb4acb5acab8e0fa15873a35bccc866db2bcd8644a9072b99639e |
| SHA512 | 278d48972a479b7312b7ad7aca75ed2312c1f33b17a85c632ce597fb6566366de153b4a6f6ebddfad6aa6f56c2fa9adf0b4a47d1d225bf378bef89cfaf7915e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8dda984ebe10afcfafddf327c7f56345 |
| SHA1 | 7fd6372e7c3da6089de48b26b76772deb9b1cc71 |
| SHA256 | 0d2b3bdb6fa0a36c183a2d221993282171a2cdca1cccff830284403ca764eced |
| SHA512 | 639972b8ec55ff536e7745aab469198d95393cd33745047bb2f57c297332e534a67f7e5b52cb67eb56239695b9c1512406690d4f394d2e89253f35fde80030dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5e8d1b.TMP
| MD5 | 6ca53e55096eb77d67bc970d74307b87 |
| SHA1 | 2aa5ac4c49664508b2a84a7c8504723366c5dd61 |
| SHA256 | 2c1b660d04c1d59bf56d19e2c43fe3ec97236886a113e4eaf021c8fec058d919 |
| SHA512 | 3cb501dc7939d01b499ef51971a6522752a6b4da016cb415330a3cafa4fefaf7001c2c97522a040a2d39808f2b4f9e7235c76e3b66bc9de295f58ee69e575ea9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3822c070ab33114c37bb7f6f502e4452 |
| SHA1 | e6406e9d145daedd9334c31ba2229528597faee7 |
| SHA256 | 2be7a1aed91ad99e3f30e14420c3738a4399ef36dd9dfda28785fb8e426cc1a4 |
| SHA512 | 805ca8135f56db61d486c6e77c6b48aa3aac6355bffe7ef2590ae564cc3a37f29d914cfe32482f043b94033d2f584c251fbdcc6db027f696f224235bedd15ba6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a997ac6bd7d787a6d0a7802afc238afb |
| SHA1 | 6738ea885e70936071f7467e0de68d842b8588e0 |
| SHA256 | c9772dd49166cfda9f428aa3aca63f087f8bede55e3e306151cf9e574f244c19 |
| SHA512 | a0270fad66bf042de359ca72a338d9341a4e6fb23056d317b9ecd08dbb767e37ad7d1a1a3c7235623923287ec25928817da9ebf75cd7d374fb2869f214704a18 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 45bb76dd40a061145cde79f2c70a56aa |
| SHA1 | 3c71dbd51ca9549caa62b94f8a246a7a26dde6fb |
| SHA256 | 6e665927e0115dfee5767a5d7de83e57881354e15505b43db63704c8d1c30b8c |
| SHA512 | 435b5c1ffa2a2cb171119c2bb40e3329afe5cbab9414fffa5ba661f9e9c49a801d1cb7edb036288da840d2fbd430a0240c91044df768fd850fed5de821d1c2bd |
C:\Users\Admin\AppData\Roaming\MEMZ.exe
| MD5 | 5761ae6b5665092c45fc8e9292627f88 |
| SHA1 | a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef |
| SHA256 | 7acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2 |
| SHA512 | 1d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bd51565-e1c5-4c17-b4af-e7210a5fb0fa.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1efa1e5f617fbf860f9ac4bd75665e45 |
| SHA1 | f5533c31c5560fbae0e20d0f1f2fe05d8a4f7252 |
| SHA256 | 8fab51d31860370080d78ea31357caae7c57171c8c837733e5b19ff41e25e416 |
| SHA512 | c52ba23cf53d2ac8739b22109d3e2479b23a25d124b64e9914290ef766b26bf11dd9fc94a7764f5376004e6ebdf9281bedc1be5e9931e0fdfa78ca3813490842 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e2d8732cce4bea9926cb7f0a0749edd |
| SHA1 | 6d1538eb1a236a1db38e36ee8d15399cab539652 |
| SHA256 | 8f81c17e6c28e69297f18c70cc028a553cb3b481a2b2583abf540c23a56510f1 |
| SHA512 | 1ded4ee42841ceb6410fc9d3ecc25252520c6e3992a9ce45466084b71f4d69c7e149b6d9f3265ea01d84765b3ef7a10407a0dc5b065fbdcd76a904c071a51ba0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 13a22a7df077544623c1b80ebe9bd4d5 |
| SHA1 | d0c5dbb77e833cee2c36c317940c0a1708443153 |
| SHA256 | 308ec245b9f82961828522bbb449c631fc9ea99460ab1e0d404c12870c5d467f |
| SHA512 | f9260df1be3d37a79e887f3d706171cf920bb84efb5943f97d1795c0671cf8f8d71753259cc97785dcdce1e84f344e4f3771bad47561392c96abba82aeb08162 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fced5e7fe112496c2438141d134bae44 |
| SHA1 | 0aedd644d9dd87a43ada47a8e3e8b4b6a17ff797 |
| SHA256 | 0a8c09e1fe511c098ad9a4676f2630cfe06e576e09b88bb88f0a5f9f32714b36 |
| SHA512 | 626a5d87e12b71032619aa857008f763f9b8e74cce763eb2d1170bb640c05801e6cffb1dab1de5a5f0894f48bc37dce533c3a6c8165ed7f8c8673fe99a407ea3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7332eed54101a07cae14d46ae00419d9 |
| SHA1 | 2722d74e4e862516f0544beddd63f223119f229b |
| SHA256 | 6854c8755f353ccb2353b60f8fae5e36038e675aaf2fc49ac5052dc8e5a44180 |
| SHA512 | fc39fba2749deae4d730ce261de2cfd41562faac2252f2c1965e6324cd714be66b06dcb4eea6e885ae569936a500193d563c5509e17eb4422f0904c96955ae7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 088a0daf9e81ea9c51e415bf2b3a6aad |
| SHA1 | dc223b85120995e18349322a58921ae5d10725a0 |
| SHA256 | c44a8ba630cd1d5cd419336dd7c1f20121a919b462c41e86a8fe1db8e6d6a7d2 |
| SHA512 | c932028a8de5a90a2c0283bd3f887e7aa5ab0536072f259d4379f4ebec991ac5eddb4be639a797b9ccbd680a269c3fe269e2983851302a8e521bb73874621ad8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5b4da7f1c0a5cdc187926aa4da2e4081 |
| SHA1 | 6a257b540d6cb20863d89901d5028e34ac33284f |
| SHA256 | 7bd4c943083f8d44c3cee0ff2599c91e90dedc13266877f5ec761d3bf09c68bd |
| SHA512 | 2070289c8dcd46791632aed2572a2289d6c425b74130eed29f205b2628d1e5c9bbbc5f17a7cb4f55ca01dee70c7e7d21a27305b8293fdedfd37fa0c226c94dc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ask.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3af706d76dc55495659cdae118377660 |
| SHA1 | 75ef5558bb64132da44e6920b85df14ef8620824 |
| SHA256 | 46b1a4188b68ea9b267a732749653d54d6f124afbc80ff6e2b91a23402cf5219 |
| SHA512 | c29e7835f9b57b5bebff0da2108c46c4e181812d60e23e9ec75f2dbbebd5924ca2b1e0f5ff43a50fadd505af86b4d11bdb0731de3f8d26e8f8f6b7b76524ca3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4243586d7b2f3dbfdf8db66e1921c46 |
| SHA1 | db62dd377709a1780dfd6e94821c9227f933c372 |
| SHA256 | 448c31bd268a5578f87aec0980dc1865a77e0dbf7059b299fb0a1191ad91de8e |
| SHA512 | 41c9511b3c71fb3e491bb4cfebc5591340e5f48da2eec5581b45878cff20feba9028d955a299c208a2a5fb25ae0231c9968c5da35e7ea088a59c6cf97eb3399d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d9cdabea96afe16260d25e814c03b967 |
| SHA1 | 8ccf9c2bdb3c616fefdb4734c2e231bd36e14d83 |
| SHA256 | e12d306d7cc3bb2290e2e2431d65b911e96b3d80c535b0c98580bf9500ae82f0 |
| SHA512 | f14af2bed435c2c8360b042706bc298700b41335593a8d067356e7ce30afbe0ed38130dfa196c31442c5be2347cfac6a50583c03460b68c896b878967d51fc1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3f7c866de59026ec0aee046d1a64643c |
| SHA1 | 0f9c95d592e032770e0062edf0e4296be1717e0c |
| SHA256 | e826787717dd350624965d815c03077ae49b3544c67e82074e769b064bdefe6c |
| SHA512 | f629d73f6179d99d5c65f0f6b990380b283149511531c584cba93f64d0d702df733936f5e0bbe774f24563c694b605882fae22d921965f0cdf1424a76d21f1fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5b0cabfeb52b3b7088ffdda529f58cae |
| SHA1 | a887229bc238d49ef6e7bb4fe106c748f1623656 |
| SHA256 | 6fea072674d376b2bc6c69ca653f13191e2f157940686e499f9ec4f268ae48ce |
| SHA512 | 2396a7e0d7491015e5bcf6ef9bc7557d8db55fa1a67de624c1aabe88e8cce8d48e6a26f6227523316f8a16b46e4f8de47d8300635be8f4cf7cb9203185964796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe60c76b.TMP
| MD5 | 308adfd68de5be71aaaa625a1b1a489d |
| SHA1 | e8e50d2971c54fac0bc6e1c941194c6b7bef8934 |
| SHA256 | cd09d2e81e76f33ab9215e1fb135505b300c159eeac2cef5894c1b56b44b2a00 |
| SHA512 | a1bdf26f92a10df8bd13701dcadcce3d3c76f9ca57f4ae0e19bd825ff23cd52fca2efc38e61361a61cc8322d6c4f6c66f1379cc8a5d1fc2924821fe277c822d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 71c26818b23243d137633106a9468586 |
| SHA1 | 81650c3a7dac030a1b2d21707baed07cc4a5ade2 |
| SHA256 | 3394a87d5e5fa2483e7794081961753ceac3270ab625360a54611759bbd14568 |
| SHA512 | 94d90c85dae87048f6fe10db86fa5eefbde629162fee7fac39effa55349597d8785f73fedb9d7352cc13c6b4198b03ab88859c8a1b224af1bf93fad93ce6c47d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bc25fa31e3b3cc085b6616b6ce752519 |
| SHA1 | 9d088677be5f380a1aba38b82830a3493dc8cffd |
| SHA256 | 108dddfde8fd86eb0de153150092a42bf2ddfb63b03f7e719c1be42bb1d39461 |
| SHA512 | 8a8cc5811bc36af0f75220dec9d15b19daf1a98336c2914e56a4c46278c287038c2f656984b4779e45da1dd1529efb9647e1dc31e6735166d79d45351f8b9b57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 65a0eab9a7d4395f8172dcf9ba4d140c |
| SHA1 | 384a1462383438100f59a2034f27b823c9a3775d |
| SHA256 | 04070a6f7a51cd4596297a94a1081c300b9f17fe0a9179b71a1db559dc67753a |
| SHA512 | c0cc424e4d16b54ecbfa6679115c224a0b6a1698cc7cbbcc05c7f99d3c30dcc9fcc17f9d503983f0c6056d9579f24a2637b7cc4455eee54a1b3fa433cc2ba4bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | bee68f0afaf927da9bec7b3fbef79afe |
| SHA1 | fa44c942a08c4d9a8f70e7c02496ae96a837ad65 |
| SHA256 | 36ed16ddefc15330accc21e6ef63b8cd3bdec0baef94766a0841243bc6362303 |
| SHA512 | f92d81daff3a6f3838d726514d73ea6533005906058e569a04c2c8d066a61b14799dc2be0d6b0bb737159472a4b6c631b46d0e38be3ad96ea6f93d841a9e9ddd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe615737.TMP
| MD5 | e41dae1264160ccc5850f67861228838 |
| SHA1 | 9c66f31e0167ab2b680dd4500b7e4a1f15026b1f |
| SHA256 | b6428ca842697f0b2efe269607ce5a9181f911142eb2cdb6b454ba6511ecf86a |
| SHA512 | 180b2b5d37b937e3ec4b516972e8e70d0e69fd0e6150b3cc3c9c2b9856d18385ce55f83992c1f22d8b3b7deb44405047df1cbdd5cddea63a7f5ea80ddf7ba722 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd52158e97f3a336b650421f8fabb7a0 |
| SHA1 | ca200aaeb923cadb238bcdeff35f8ea16024d786 |
| SHA256 | 4a9629952ef3bbd5ed7b33ca1486f16ed5a1b0cd39ea62fc4de34d3e1f2a0733 |
| SHA512 | eff02e7a5aecd021c164f8c51b4719a9c6ce83b6b967576089b8af87bbf2e8362ff30457ffb339c59ac0e05293d7c66ade1b49cfc332ce3d84542c8a1bdfaf88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 76dacbbae7c23241821e0ceb3e752f4d |
| SHA1 | 35f879772a2d32efffd06104da92a47f88c7cf9d |
| SHA256 | 4619ca84cce91e298a19e651c6a091a90ea01f0a9aa6aa6cf172122db26499f5 |
| SHA512 | 2f9f7b597100982b2c0b5d0ea8df3c169b7c3261419f720aebd2c0051cfcefd466465580fa96706c8c93a6647db871ca15ba52d7066e768f4fe118e11c4d739f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d5c860ad056f86684b6f11eeec856d2c |
| SHA1 | 27fcb1baf42c08ad57a858ed5136d385ff49342c |
| SHA256 | d5fad695d88e248026de1f3b11d068c86de2e4621c17c23650e1bf48af00415f |
| SHA512 | 2572ab5ddfc31cc80269dd9b0cc9873e155e2260e74dc488574ac6ca5340a1be0e5b35210ff50ca550c462477b092690549da98d9db8ee365f03d1e618dc1c8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4df98cc8b0dec8ac414d1645d20fd478 |
| SHA1 | 8a799d1cf15cbf116e4614c58b78312d005ba230 |
| SHA256 | d359b0781511705076ae8fe044ce0c7d643b995158c1d7253d2392fdcb5a0b5c |
| SHA512 | d8ba3569436de8dd19717815eac51ce6eb34860846362fed94aeb56b9a999a19e526d43d25a8419b15f5774672e6e94e9991d019836dd265f86ed60e137932af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 62269e31a624ad214b7438a905e5351b |
| SHA1 | 1504908891366dbcd3fb10802dcdb718a2272046 |
| SHA256 | fe329509fff1c8730da1c5433e24fabf4af0feed32e8ceff1c1335ebf64d770a |
| SHA512 | 2690e19eeae28c0e1989388387874ac147f17062c0354ffe1993b8401c31e7fc7237a0c31836cdcf41de2c800a0dd57832289f7012003dd2ba518afb0927ac64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d200ce09-af6f-4da3-a4d9-6495ad2b66cd\index-dir\the-real-index~RFe61b054.TMP
| MD5 | 2b672dfb8d6a87c55088c940a32e5b61 |
| SHA1 | 2c6cca941cde045d96c558e5023ea7b2be1d691d |
| SHA256 | 91cc46164d89e3dd5daa7cc758ea7e421a5d09b8cb662a882ed007ff9009f913 |
| SHA512 | abbb238eec0bcfc8f51585a9bcb8dc543c5eb3c9ca14aba0378820bc39272193fd97b8aa1d0a23bc25e5956522f70bca94de89e6351dd7d12e3560f7da835c8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d200ce09-af6f-4da3-a4d9-6495ad2b66cd\index-dir\the-real-index
| MD5 | 799d4667410a662aa81ab7f72b272854 |
| SHA1 | 9c1a90d48f197e0ad72c34506ae1850e2eb22297 |
| SHA256 | 48923e1d118d698518bf75fc6c1be0cf71a94f505d2a9e8eb19d34b952aa6bd2 |
| SHA512 | 1c587a1f6cf2fc3f7ec97eac5d55a85061477969ffc3583740cd555b594712c4fc462dceea3530f6625611650be84db53f4ab13d90fda74fb362828cd646c51b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b5ca68b2014611f21f65786a6102e833 |
| SHA1 | 6c8798a2355af6ebd03c0531f6465fa6a49428b7 |
| SHA256 | 7e92faefb0e1dd2937c9bc4472a20147313f1570d9723f6d7b10884e1104d129 |
| SHA512 | 7f71c04ee14e2dc65fd9d8ee9206fd46692a42d46f49b99024b691a65fc0f26f108f5706ce624ff1fa8fb6a94ebe78d4ce38ced7cba293ba1ed594067908d0e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da628c997240874f_0
| MD5 | af898388f3cc40338a25832a03ef071e |
| SHA1 | 16c46198cf645febf5435255bf00f93b039034a1 |
| SHA256 | 6688ac508c55eeb345913375381eb9e84ca54eb8d9db9c7a4ae3e27ad6d4b3f1 |
| SHA512 | aa044bd538d89bca26ab09957a8289e751c79181741ff2c7e685667bd1c3e2748d1c0e26c50af703878097d0c4fb5d61b1a80899f8ecda656a1c83035e976d9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec5ea768045d5c65_0
| MD5 | 913c9b00d4e57ce2c573d343bd5a08e7 |
| SHA1 | 2be252c1f7255578e4a37aae8341e3f500b4a6d9 |
| SHA256 | 630fc7f44abb94d9efa471c06702fea9c7b1abd5c08aa4125e40ecdf910f427c |
| SHA512 | 536890702e115b92af2784accc387e752e8c7823df78da16bac8f4b8378045ddc3e69ce513908e27569be9fa2beb71ccc3cc89ab11536a3ac6a699d48313000b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf44a7f84e1780af548291778173faaf |
| SHA1 | 5ae9dbbd858d81ff857680ee67db9237c5ab00e5 |
| SHA256 | 32cdd97619744a14fc9a2be1217ce57bf7e80cb775d0a94609bf164a4fc8821b |
| SHA512 | 545c3ccac82c37338b6fc63e2aecfef7ff6bf38f90a64edd8c5e80de4cc410123c17bccdf4e9d11962e70f2cb5742a9e10bcc0afedccf62af0a77edcb824e2b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 11f6705e166f1d4a31f9e0d1856ee92f |
| SHA1 | 5c92f753dadc9fb1eb159177ca8d39510c1e5b48 |
| SHA256 | e4016b4889f3d3724b6f7c4dd3a46f4b5a1d0cd35039f140d064218fffdc2361 |
| SHA512 | d383eacddb345cf3dec5b7ffb9cc8ed8ee164afde48bcb9cb0acee9b0ac6b3dd7594b4f4d975754558103a90bef61fa299f1c833b9736b705002f3b024d319a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | 3358e831188c51a7d8c6be54efafc248 |
| SHA1 | 4b909f88f7b6d0a633824e354185748474a902a5 |
| SHA256 | c4cd0c2e26c152032764362954c276c86bd51e525a742d1f86b3e4f860f360ff |
| SHA512 | c96a6aae518d99be0c184c70be83a6a21fca3dab82f028567b224d7ac547c5ef40f0553d56f006b53168f9bba1637fdec8cf79175fd03c9c954a16c62a9c935e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
| MD5 | 7d5e1b1b9e9321b9e89504f2c2153b10 |
| SHA1 | 37847cc4c1d46d16265e0e4659e6b5611d62b935 |
| SHA256 | adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af |
| SHA512 | 6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | b55b8baf9ced2da93c17f6b749734870 |
| SHA1 | b7a0adbe14b12fd8f7bc3fbc27a5611693057cec |
| SHA256 | 38f98d8fffec9928c61be37a6d4a3da72e027dfc239b53d784964cc922a201a4 |
| SHA512 | 69c98fb523179d002566ec88bfcd12800ec0154ef76efc017d05c1dc5f2ea479e5ced0e9c6158a2e8546f88fe19d58a3627bbea546e4ab6905f4f340767fffe8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ebdc8f42dbffbae8b4baf3a30bfd9606 |
| SHA1 | 791024bb67a2bbed1d5ef4164129373a0f4eb222 |
| SHA256 | 57646408995c3caab8c115a3f87758bf59a4860274c97b0287b5bb336f378ac4 |
| SHA512 | f1f2aa0e8d728b880f3f8c82dc4c58f63de014d63b51c0cea6b7f8a1084456bc6832f56e2d9a976b6f6c259b4b054a25646c951c0795e0e7514f23c10e254bcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 64c7154a33bac7eb2138e44d9e87481b |
| SHA1 | 3304b066bd154d0f78306b05d9fcd374b6577511 |
| SHA256 | b2c06f7cf26b0586852fe05f6974d82a161d92a3f47818670adf4fdb40cd397d |
| SHA512 | 12701758f5af653948273851d2fe0c20e7f6b16997509dd9875c0b133f0953900a641337e1bffdb8593bd03505e5e06ce128291768926ff08c782257882b32b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c5fa1012f0469d9b0650571af5beb609 |
| SHA1 | b075a5f081bdd446ae10277c15107da4d73d27cd |
| SHA256 | c3f5b80f5195372f45063ca69944b504687b59dfe8a42851c8f3aa4c8dba1ed8 |
| SHA512 | a19655c090c7dbb6755d6be6bd38900ef1d1eaabbbeeda4f61337583afcdef7b23da8168f11b7eee8e07cf1f6fbd76a7d1df64855e4ddcaa30a6f6328839b6a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0533041017f3888f16b5387e48a693cc |
| SHA1 | b16422b2f1a55ae8511822b579f106430df4a30a |
| SHA256 | 4f1080db3bdf065d31341190683324e41517464da1bfce0e443a7ff56e22947d |
| SHA512 | 02df7a9d1635c76f6451217d93c2298c041ebb83ecf27d10a474243056a0b12902a1ff8208e4d2067830e98d90e027391ed783614df406ae75438577adc724bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa7287a094f81b521568bd01170ab6d0 |
| SHA1 | 7f5dc61af64d270619f814f6e6ff793708e9844d |
| SHA256 | e9ac9d921d29d3677502ce20d967a2cbf376ffbeb442d55fbf695a3c1ab7dcdc |
| SHA512 | 6799e9931eebc4914f72649d0a5d30d6ed88ef1418a5818d54632f1a360f26bc5a57c5812719a0afbf6fecbd68e58da4bb51eb76347950092f3ba63014f0c876 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7dc5fe2eb5fa052153f55bc5377d7673 |
| SHA1 | 9a1b907604648b566788ed455b7df8232cf8ece5 |
| SHA256 | 416da30a4edd7f59fd1cd97c2f54bc88cda5c0ebe317c0a6c9f74e2cf127f8e1 |
| SHA512 | ed8f393016448191dceb82b844cfc2dd0d5855808e0002ead4372d2f20aaf9bf1c08fc9f05e90a9b26ba01cf856142cbd448d9656f77630877ec27762d7add7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 7322a4b055089c74d35641df8ed19efa |
| SHA1 | b9130bf21364c84ac5ed20d58577f5213ec957a1 |
| SHA256 | c27e6cbe88590ba6a04271b99d56aa22212ccf811a5d17a544ee816530d5fd44 |
| SHA512 | bad26b076fa0888bf7680f416b39417abe0c76c6366b87e5a420f7bc5a881cc81f65b3ef4af4ba792aa6030bcf08bdc56b462775f38c4dbf48ff4d842c971bea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 209af4da7e0c3b2a6471a968ba1fc992 |
| SHA1 | 2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f |
| SHA256 | ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403 |
| SHA512 | 09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
| MD5 | de7e997ddc4f38c66cebade234a692bc |
| SHA1 | 65ef7e7dfcf4d5fcb94c64ae45a35db0bcfb913d |
| SHA256 | c342b5f8d7a4e7f4ef8b45d9716b93ff9e1dffa73b730d30e4bd8a2fdd7ff04e |
| SHA512 | ca419922e920955857ed32d59622397ad3949189db2ed1b1eee3da3369f15802d0aed852bb85dae748c08be2fe6353f1eac9e07e9065543476c0da3d4e399482 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 4f6875803e0a9a11f922be9475faca68 |
| SHA1 | b12a9805a4f1a76155714c1fd1cee1428afe9580 |
| SHA256 | 0638fbbd994d7bccbe9a0d05cb3b031d3f1291ed4c70d4f1b08ea687b8b30aac |
| SHA512 | a0492243a8891d704e8734b4f9d002fa82fa2b106ab09bb233f6e9542faf0beafb117d015559784285141d7e05975032edb77158f21a961c957cc91b773844a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 4da08e95702be2c98662c6e62a19994a |
| SHA1 | b665be7a9177147ef9b72870fdfee58d4daedb80 |
| SHA256 | 69fed175cc1393b9c0fb7a21b7b80d1160d2b6d02502d02cd97e9a5c2dbcd803 |
| SHA512 | 1ece99b45362786fcb8e7aae6cd1273013a1049cf2657e568d9c2d5fb36f446fb18bb4b42cde12f07d86bc934c36798ae6b87e460bb32d890cd9b5a9dbcf5752 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11a0308c92dc2b37d668097da95a6c2b |
| SHA1 | 92dccc23200d04f141da45d37d89a1e666a52da3 |
| SHA256 | 30fae230a2fe4100e9b581fb5e5e06a98fd59edc67468d086262723e7bf91cf1 |
| SHA512 | 0d108cf2ff06ad54d88abc1f615ca6f0da4ad26fcf7ab54c1b4dc138b515e01216a24aebb6b0c0e135e677e39bd6cdd7935c050a568c249418da71e50aa5702d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ce2ed1ffe3ac1a02119b392ac0e3fa3d |
| SHA1 | e401ed492e3acb94a498d918280182ba355e026d |
| SHA256 | 477177bb59986c0d9c714ddc78bf486b0b75ee363a8e414f889b33f4cf433d60 |
| SHA512 | 3d3eda1dfe4388c63806fdc0fa231df6fb7afa065ab2a1c5f21d40066873e3bb9e291f340d7186f6547274b03f707b521277d7e46085cf1b3997acd6016b143e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d628bace90128654_0
| MD5 | c43e312e640e509626e594292c0156ae |
| SHA1 | a1a0eaddfd17ca5b05b62e4f976b65ba7bb98304 |
| SHA256 | 0d261651929c687340398eabdc2685f28276f8a077d478965a05ec5f7f293109 |
| SHA512 | ef7a2dcc0bade0a4fbd32f72a284ec375da4fc97786c818fb51cde728e1ba2a720138a01792eca352750c3a26e86aba4928952120637e1ab1e2bb6bc31a30984 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0ed0a6ae69d59782a8fe52c559505ed4 |
| SHA1 | 653be999fed990d0162442cc92a7f39a55d46662 |
| SHA256 | bd1b3f5f0f009a29f89be9db46f05e112a54c71bd3b73d82fac0d336ee3f67c0 |
| SHA512 | e73fe25caf68f882586bad94526d93153af19749c0f94b1541606f0322f4ec1d7094d205b89dcb201c8654c89f7b51bb83c359ad8f962d7ac9c6c33ed3ec547f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | db1bed174fb81ad4a378288a55bca7d7 |
| SHA1 | ba61bfc7f744ced32b69f962bc436cc14d791353 |
| SHA256 | 768eeaa48ec58bc80cc2a3dfb6bea1bbfbfcc40a7eaddee396e34a2cae667cc8 |
| SHA512 | d3283bc7e02eda801c6758660253f1777f44cdcb83de8f5c84a9ae5344f91b9ea21423ef62b2bb3bd2664fb348c1bf49b9bae9f81ccd1dd9a620f6f328f2519f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8b06ac494e0e6b6eb89ed9adccbee7b3 |
| SHA1 | 93615aac29d4f0816d0e04736e9a4d22c7815718 |
| SHA256 | 5aa6b9fa0537d991ecfa6db90912d86fa6564e71441bcf2ad3ed51f4c1f6ab3d |
| SHA512 | 528a2a87e96e7e8122e1ca5c3f99357d5dd0437b337083638093faf272b3f3ef9f706d4f3f16273952fc17437868138230c67fcf29b245e7f8e55e8827ff607f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035