Analysis Overview
Threat Level: Known bad
The file http://google.com was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Wannacry
Deletes shadow copies
Modifies file permissions
Executes dropped EXE
UPX packed file
Loads dropped DLL
Drops startup file
Reads user/profile data of web browsers
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Blocklisted process makes network request
Enumerates connected drives
Adds Run key to start application
Sets desktop wallpaper using registry
Drops file in Windows directory
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Program crash
Browser Information Discovery
Modifies registry key
Views/modifies file attributes
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-11 20:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-11 20:00
Reported
2024-08-11 20:14
Platform
win10v2004-20240802-en
Max time kernel
849s
Max time network
852s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" | C:\Windows\system32\msiexec.exe | N/A |
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5930.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5937.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD6513.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD652A.tmp | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qyedrxmniilpouj597 = "\"C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Windows\Error file remover\fatalerror.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Windows\Error file remover\Windows Logoff Sound.wav | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI32C2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3301.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\sys.job | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3272.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{C452D4E2-DE24-48B6-B5C3-ACB240A01606} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI33CE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI356A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3616.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI31C4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3213.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI32A1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3360.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI33DF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI342F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e633156.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e633156.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI33FF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI34DC.tmp | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{41CE93C5-5F1A-493C-B623-7D6287343552} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{0F91E8FB-1F89-4B30-BCCF-05CCFABF80F7} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff526546f8,0x7fff52654708,0x7fff52654718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x4c0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff526546f8,0x7fff52654708,0x7fff52654718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5376 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4392 -ip 4392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 452
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe SETUPEXEDIR=C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B5C8C8C43F238C4F2F0D1ABA62C4D37E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B34711238E3C64B457CD896A4EAC71BC E Global\MSI0000
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 46681723407181.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 100761723407183.bat
C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6944 /prefetch:8
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe
taskse.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qyedrxmniilpouj597" /t REG_SZ /d "\"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qyedrxmniilpouj597" /t REG_SZ /d "\"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\tasksche.exe\"" /f
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe
taskse.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 172.217.23.206:80 | google.com | tcp |
| NL | 172.217.23.206:80 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:80 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 40.126.31.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| GB | 92.123.142.88:443 | www.bing.com | tcp |
| GB | 92.123.142.88:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 88.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.142.96:443 | r.bing.com | tcp |
| GB | 92.123.142.96:443 | r.bing.com | tcp |
| GB | 92.123.142.169:443 | th.bing.com | tcp |
| GB | 92.123.142.169:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 96.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.142.123.92.in-addr.arpa | udp |
| GB | 92.123.142.96:443 | r.bing.com | udp |
| GB | 92.123.142.169:443 | th.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 92.123.142.96:443 | r.bing.com | udp |
| GB | 92.123.142.169:443 | th.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | tcp |
| GB | 173.222.211.41:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| GB | 92.123.142.114:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 114.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.142.91:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.97:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 91.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.142.123.92.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| GB | 92.123.142.97:443 | r.bing.com | udp |
| GB | 92.123.142.91:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 92.123.142.104:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.82:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | 104.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.142.123.92.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collect.installeranalytics.com | udp |
| US | 54.156.199.125:80 | collect.installeranalytics.com | tcp |
| US | 8.8.8.8:53 | 125.199.156.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| NO | 185.11.180.67:9001 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| FR | 212.47.233.86:9001 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:64698 | tcp | |
| US | 8.8.8.8:53 | 9.193.25.171.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.233.47.212.in-addr.arpa | udp |
| DE | 144.76.163.93:9001 | tcp | |
| NL | 194.109.206.212:443 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| DE | 81.7.10.93:31337 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| FR | 51.254.136.195:443 | tcp | |
| US | 154.35.175.225:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 719923124ee00fb57378e0ebcbe894f7 |
| SHA1 | cc356a7d27b8b27dc33f21bd4990f286ee13a9f9 |
| SHA256 | aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808 |
| SHA512 | a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc |
\??\pipe\LOCAL\crashpad_5020_CYRQIGACLVJJGDBS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d7114a6cd851f9bf56cf771c37d664a2 |
| SHA1 | 769c5d04fd83e583f15ab1ef659de8f883ecab8a |
| SHA256 | d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e |
| SHA512 | 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 810fbd8a97b828ed919b33de7470c79a |
| SHA1 | 9968e14493ec2f1a599a2ae3c244b73990ec6ec5 |
| SHA256 | c120dcc877cb810f8b09cee56afdbf6a1c663710859fad7953cbdfbf153554e7 |
| SHA512 | e56eef5b46a162526a2605a54476a94a3accef7e082cbd6739a541a4727c1a50849756938eac5ea375e8207f1f95a3a0e3babae9b5181126ab322ffa8cdb217b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 48d2860dd3168b6f06a4f27c6791bcaa |
| SHA1 | f5f803efed91cd45a36c3d6acdffaaf0e863bf8c |
| SHA256 | 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77 |
| SHA512 | 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2b7baa683331bd72089fad6d95944b2c |
| SHA1 | 610b5fb62ab766cf729824bb5b1bdee3bf58880d |
| SHA256 | 16c960c8dfc2e41f40325b5e31e4dd1b4d51544b20bbbc12962f21f0e335210d |
| SHA512 | a430677cafee065ee191e428c01821c2c212b8c9b1f4f463ca4c3360ab949b0e9d903b02e3a357d7dd7e9bcc132f81a2c1bdd140ef1a4c05245f15f0e8f6a130 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c2829fa3eb1ee28554f3fee2ce023c3 |
| SHA1 | 2e2196f0dfaa7886ba8db37674cf7744d3d48d69 |
| SHA256 | 045d0b55c280704439885388b4b68e9575d998b73cf10c006ea91cb721ffcf61 |
| SHA512 | 1241602a103eda39f586b88bd655563116f8e95e307038c25020a0f05bc6bcb9aff15f614ec76305dd4fdb891f30d0107e1fe34f7eb7e1ac19494f4a4c3993e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 940ac79df7a0c618689ed9b1dbd89310 |
| SHA1 | e213b3d08e0390b579c0538a3df988ad9ce92752 |
| SHA256 | 6acf91f137dda577e55d16623abb91af2c6509bbbf0139b9a4b0ca02d85effc9 |
| SHA512 | 5280576297d638bcc66aa7833ff5576ce998e62a908b06e1e0ea04c34f68bd1c9bd2a1a1abce45e729c59c4da818a22f2cec7c3b36488b6ae8e1e43211a0014b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b6755486fb2804196430502fc0ccbac4 |
| SHA1 | ad03387f42b23be4c16c919a58659a35173301c3 |
| SHA256 | afae817ff92b4e2ef2085a0cb1ddebf5c725cb0f6a5a00ff70ddca1dcfc71b13 |
| SHA512 | f246683280314250fc9f594bae77c8ed8ce9c591d66ab6d84387420ad7e597c84458594bec23ac290afc845952ff71efe15a909ff0b28e6e51601853620dabf0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5e2c4c20c319ff6e27d5b6ea86a2f87d |
| SHA1 | 7e0c52430edf9e1fef7eddb3ba20fbf60cd6a32a |
| SHA256 | 4a6e41d3fadf107b31d221e0ee43bf0a379c4b83a5fd84f3cc4ebdf4733d3861 |
| SHA512 | 993651e569bbea80e5a81904e4dcf687ea5813b2c7b3f544b4b5a03edd21d97cd722f61f5a4d9255eb8d717486a1c91a50496fe8557f219f25fa1a6cb2d593a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fc1864f57fc14e727a8f3717bd37a31d |
| SHA1 | 2444b35549955a226865a1eb0664ad37cdb16b72 |
| SHA256 | 1f73bcb185fed877282819e4c63e6acb6f5442bd4d495aeda64105dbc19849ad |
| SHA512 | 2a8cd4a980131499163dc41ddcfdada1a605507b4aa384d4279d761c35efbe23e92fb6cfa5a6d0e81e200fdf3d8b3c108387a5b21b55293b6baa79a491a16e31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6431efaf3067cf3d66362ed47e2fdc5a |
| SHA1 | e531c1b65f5b17afe014cbd8f6f17fda4e5e0820 |
| SHA256 | c7a5f5fa620cc78321e7b255d1688070031de5053992abdeaf9db2eb4ead8fff |
| SHA512 | 5f6387fa37c1c512ac56ce79053f65eb36ae78f73b2b89454fb0e3541fe2b0c8837cb258659946a5213df7666738eada28b22589b46386ab6276771f54237cde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7b164aa863fc86c8807cb96deade8947 |
| SHA1 | 30bafdcca5c8e5a73cdc8ddbf93405e7e84c093d |
| SHA256 | ed884ae7c265bb5008d34a7ae7f240f8ccfc36884dc4111ec578589025d02f82 |
| SHA512 | d70fddae26626be6f8b73eca0b28210d39543b878be7edd2d04b0061f59a9722f10cce40116e9a2405b021e0d78341a8265647a8a720e9e676446e2297d088ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c3fe117fce25c113f7c50a2251f64bbb |
| SHA1 | 669b401c0186695eab005cf4ac2736eb1be00767 |
| SHA256 | ebea96c94fa1c2c6eb433acafd7b7085b3ee987decf6a05c6af61f4a8838c14e |
| SHA512 | 8651b56a31ab86377d850d8ca6bfd29cbde10d165cf8314d5fdb06219d769089a493e8579c93c401ca8aa0188f2a240c6fc4d3df59bfeea0272ba4cafcb89ecd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 13a85c0f029211e35cab1b16af991e9d |
| SHA1 | f8fa9fee29f2b44b0a14881d4bc8205b55852432 |
| SHA256 | dd50c2d805691d7e4ca2a856c8bd1c4cd679aa5a2b362165e488dc572ef3b390 |
| SHA512 | 652a44e1f41b4485b94bd76cf8306245b3f366139c78b083740ea19bcadecb74662c671993d69c51cb5b2ee910b772052093d1809089a217dbc39a2fead209b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 1fb8e6044f64b4166f6cce60a1764513 |
| SHA1 | 101a4665a855230e005b86770f9a54f23212d9ac |
| SHA256 | 6afa77d48a425c7f84336b429b46be509c2f096494c0bdb6249aac67e7527903 |
| SHA512 | 16793ede3103d2cd7422d8038f6cf5c10a3b1d3233419236ff74413c45215453eed42ac727ba53587456d52d492f6801343da805cacdc67927910c8f8926eb0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 5f583125845941525c2ebc7749f20550 |
| SHA1 | 5931fdadf72aaf8ea64e066a638314ce0f6da902 |
| SHA256 | 9eb8ada4161ea15c94fc0bc2e805bc2187c0407cb75df8fa2b87ccd8dc88bbe1 |
| SHA512 | d610586d98cc5bcb47cf3f51d9550ce6321a80a053db245a6091aa898e66f118a9446b13a248cf76ac56f8edf96d959fde4a698d9a6b6962d3c0ca1f346b1de0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | e46024d0f93bbe4a888b7f011208af15 |
| SHA1 | 85088d3a32b71ac3b286889a281376bb37911969 |
| SHA256 | f5a67ce9112d08d5d2be8c2fed9bea4efce984cbfb09fa5f56c9ea81bd689ba7 |
| SHA512 | 635505b00442e9d7a98e66f73767a37394fd79f5c7c55b6dbe98554d5da8496b640268a68d07fbdb4eed81705fa8640a52487656262fbf3ae8079f4e7bd3828f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | ce4eefb053dddeba7c6825d74c3fb6d0 |
| SHA1 | f8baebeb74f84c42911cc225b303d5f8bcfc1825 |
| SHA256 | 1056252027ee814bb9987428ed92a820b6b82f34640e27ae09537185a4ab64e6 |
| SHA512 | 7ae4fa87351d9d3535f7ab1f1cd2cf7cb57d1b1ddee716d692566ed675e1e4f0e0d1d6619d3ac8687616346382178a6f0137268f7403f495cf2df40b04fc173e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | c9eccefe4d92cf70692e98a3dfc099e7 |
| SHA1 | 4b791e5658fd730c3434d3a27ddbcfebb8f883b7 |
| SHA256 | 3d0cdd1a43809f966707d2cf75625b77bd3e15b4b94be943365666b7f2886511 |
| SHA512 | 2d0349ea36b482dff925c8866bcfdb26b39f8c31900d0dd79ea999d7942babd1862dfb01d7324b69cc3748070c47d08e5e1e7e1549a92c2e65dea9eaea60e7e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 75d4392392a8c22ed1ef376d3399627a |
| SHA1 | c74fe684d60ac563b41c21740e18ff59ecc19bf8 |
| SHA256 | b66045728af1939cebee39f6c02f3d5d2f45f8235163f60c620999ee6df7965c |
| SHA512 | 2d493d0b382bcca8eec93dd1b71ba6217577e1fc5c2a921eb2e5d59f54f76fb99b4c5f5405232d6b1bd83269d5bf851cbecbcccada51c12d46d68a73396af5c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 64c8c80110140d82f63b53468bdd0393 |
| SHA1 | b9cb303d41a0c6a6d4c9b08a518aecb2e368e94a |
| SHA256 | 945ee15c99776a23a1ef799d20a6b11978346ec3ccfb45a36d051be497a80f49 |
| SHA512 | 8cc2367765df06a17220da8712c1d7d81ae5ee20829e0530aa4e4e4b9353683e0099f56c16868c2f4578fc5306111cdcb74cdb8da695e2a1542a9e467eade6c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367880023319024
| MD5 | 2ee3c638521310e61d45b4668120fec9 |
| SHA1 | daf996dbc10aa9f753a00c51c6f9c5c6734bb351 |
| SHA256 | 44f7a1d6f058dd3c332261971c4a0a8cc7350ae8b837f51983f2859bef0262f0 |
| SHA512 | 0fc189594961080f72fdd677675574cf32ee80131336354ac08736dd2d846c681f317f9baac16d11cfb061aa61e93707dfc0865b55e7624de23a60e353b72d9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 65dda5b8f60f3ce5456f0912d72e441c |
| SHA1 | b99d17b82fd15cc3e8217f65a7842c8ff9077f45 |
| SHA256 | b9d4026a6607ccfbb85e4abdebcc301dd2b344b967305841bc60b9f0c4845d1d |
| SHA512 | 70c96605150135f156bc33b66b1a8e25b097eb56f3e43db24cd0503a33ec15eb8bd24583ec1faeac9f84a862a3893734157a9afbf7a7f9c6af3839805bb16c90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | b5d696eed8b0981992d1c3dde27de428 |
| SHA1 | be8cbbdc215eb1f6cf47b18e6f3a5afdafce4680 |
| SHA256 | 4c0917e59cdeb78e13529ce22ed0a7dfca29ad90097135a8ac0d30428a2c4115 |
| SHA512 | bbb3deb44cd428c5ba3cab166afdeb9db27cbe59e7d0a16c23c3454c2e309c015cf92c7d2947f1176dec20f02e5da08b195121873107ddb920dd47c7ab0e30eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | a40fd537e7d9f640f0673c0541818758 |
| SHA1 | 339ca75cd2d050b5c340b0ca402ae918154d99cf |
| SHA256 | 83804b337781d458a95566012bd91efdfcd2519c6f714326b1d7c909c0f2cfaa |
| SHA512 | 6d6eae7645976d7258a0852a0c53bdd63fd019b75bc658324b8770077425c1b2656c24814c6292e791a4e39ff0b1aca9205af17f762c15d921911dff9869d547 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | d012505655e05aabec45f79533c3cc94 |
| SHA1 | 1c1fdb8e77541be025a9e30110e136267861a8c0 |
| SHA256 | 1f20ad1d78fea3db3bac164d893f4844aca95e9ec7b11eb9f3722626bb831567 |
| SHA512 | a39ebf42182e3c57f66ffb4b9a23637b50446d766eba53326da03f4788571c04ce8da15c4091ca85d100a50eb2bd7717ae31dfab9182ec054b539a62fbb65424 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | 878cccfbf202bce9e5b72fc18424dda5 |
| SHA1 | b326bb3f2db79959d9773d58dfbb2b8653c1cc1e |
| SHA256 | 13efbc24c9718b80899f57564546046ffdc43c3d8be457fb6ded6c38095260b5 |
| SHA512 | f6c8c710a91cb733892d74bd90dfee129f23e7c4fc545a686d18593aff41892a42aa7c06642d7302e23eda1a3b57c9daccb3d704a2ef31bf6df45f16e2d37752 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 4502ce11d6ee06ee7aa08f4ab263cdd8 |
| SHA1 | e15d06a57dd0cf2bc50a223e37ad44d7af38f4df |
| SHA256 | fd2d7ac7a5bf3a1172fa72a7d64b9a1af53c17aada9f1a3b78d7b796d6d2c487 |
| SHA512 | 1e32ec25a23e2ae156f9a63e662b76aaff2a1b877c8ceede565811e1b5ef3a6aaedeafc47a0e62746e111f900b966bcfa31d01b0dc79d47dfc0892cee60cb936 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | cc4495d170497c28c7e706c2f06e0330 |
| SHA1 | 8326cd09aa1deefa518410abde4ab82d16144186 |
| SHA256 | 45ce2100f4901a23272c1f086098279a10fa4a1baa6dbb734f18aacfd2786e2b |
| SHA512 | d42fdf2886b301ab22c6f85ae93ab46b48cd756654ac0d1ed12a661efff54391ba93eeaacf95c35d6e7a04429890a947e998cec84ffe5ee409f7e613dba658eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fad267668d4c34e7777dcb71bd8b8214 |
| SHA1 | fc55d9b8a34d0bced8f692eea32f7065b8b01eb8 |
| SHA256 | b1f4a4e7cdf78903142b763b27d0002ac0aa36e01eb8de399efb6ece107c7642 |
| SHA512 | d2fce4a9e1e0e11f62cb0228d5762973a5e6a9f239f684613341df423db4d7b0e1a7006fa44a2120d5a819b67e6d9b51669e94539e11dc471225de16eaf6ad9c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 316432c0d17cdeab7d776922185e9d73 |
| SHA1 | 6adc200deaeedc9d76af53f4b690e1bfdacc29d5 |
| SHA256 | a1e247d97d77b2549e4bfa54f8d45625e434a910e6bb0d2d6a71e9d45ee62c28 |
| SHA512 | d490dd759142d6c6f2ae301327db7fcfb147d6fae021cc00a79675e8467842df4597ad63306a261026f2c7a59c95ea8e9dbf73d5572dc792a7f2aecf7d67d1ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006
| MD5 | a33b3a3fdf5161be5bd861804961f557 |
| SHA1 | 68a57897f1686a3e62ce9808165e18f31661d077 |
| SHA256 | ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560 |
| SHA512 | c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007
| MD5 | bf84734a469b89aca5a2450ff72bf3fe |
| SHA1 | c6d1d87de39af595d5b418b44efcbbcb1b5d96a4 |
| SHA256 | 429f7392db31248d0401a41671917da4e8f491f5b4948f6012ea5f44a6c858e3 |
| SHA512 | 28f6fc0d41a5348b629570507cd92230c167be99d54f244666b69685403986a5aa7cb779fe156ba7043b9ecbc8527b0471bce6383dffb60a8ea12f7b960ea931 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008
| MD5 | dc89af7df9c6ca650e310b1f298f8d77 |
| SHA1 | fe8ce0398a5746cf2db4dbb22f366419c184d1d1 |
| SHA256 | d8df757e32e39db47931547397eea399545586775010ba5f5e8f6282cd3d460c |
| SHA512 | 93314e0a31d7e607d31d7aacb73ee2579506e4abb672c536a6d4f64d13d0b48fa3dd17987e98ad3a9f4e9ebf8679dd2daa70934b7dc98ab3c5de5cd338f1f4a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009
| MD5 | d22cb8682c6c279a568ed39bdc634f0f |
| SHA1 | 677360e899085b1fe7af0098575842261a6d854a |
| SHA256 | 78b575d52c9342adcc7b89ee8545e0577169b0d520a9924c7d53bc3587b240e0 |
| SHA512 | 2ad0f705556abae3edb620d4370c1e72c749935d6ec079a10272ba2cbfe42d06a67f6fa1c3d80755aef9419391f701e98d479e946708e26980497f438b154ce8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a
| MD5 | 303a4b69a28d0e0a803b8a541ed74fa9 |
| SHA1 | 87cd1440d4dfd1b3009ea361d822cd1be57960a1 |
| SHA256 | 969adad92315c6139b0f9f978b44e31745b3b64ad9fd0a0a3acde2d97cd664df |
| SHA512 | 966a785f28af20827c1156f72c8fa894aae8ad69f568586528bb56260b899654dfc23f4bd605dd00b211eb92b85498cf4e61d361602faefd40523db01fa94251 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b
| MD5 | b4e0f355b49ccc2a27791f7936791cfc |
| SHA1 | 8c5ebdba784b7c50e920cb2107840cee1b7b7473 |
| SHA256 | 93de14b1e7e3d9e1e048b1a4ea06747c3b77c3015cac870a4e53c42b23626392 |
| SHA512 | 62028acf445f7cc4b53a6f48ae425c58a4541db8c96e98358f98a81300251a56f4f0965e48bcd2eef375f0c4b3f5b669b37e29531fcacaa40dcb9e1fbae2c80f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c
| MD5 | 03c9fd9c73a772c9a526e78a5d43ec4e |
| SHA1 | 1a35dbff5da0d72da1ffee45dd16950b19509b27 |
| SHA256 | 3546a568f8c20523254cefea70bb01a2e25697e1cc5c6eb766d2db6d56866720 |
| SHA512 | 3cead69c95c18fac695e1aee9a94628f5dd1ef92719f3203dc016c8c8aa134568835f40758ac38caa8aead325597f6a875d284b1c7b8a94f92e7c2d26410950a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d
| MD5 | 087b26dafaaaa077d3495a275f16b496 |
| SHA1 | d808255ca7ae7232a1b08728b80a4fa1c3672c1f |
| SHA256 | 2d339ca6640f5f6cf4c626616618bc8a7b157c26fbf2831140463860ad896a05 |
| SHA512 | fffc11aacbc375b8e60d283480c831ca869fbab92c60a35c765de05fad11decf8228c7ad079b57ec21031310b30b6febb3bfb0b707f4d40f4842abe7247b7a2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000e
| MD5 | 596c754665dc3ef9437ef542eb4b130a |
| SHA1 | 2fd7ba914e8df3314850a0f0085d5388e7d45811 |
| SHA256 | bc79b14f5edf047445a5ead84ac1c46d8bb2e8015fe8465f1ba90a8286375500 |
| SHA512 | d224eca48a06915370fd20858d6250df1f19a8990ec3bf2230fc5d72f1b5f356f609a4098fc5c22fcad8137734d4adfe9d69f0e91836fcfd6c1c4464559168eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f
| MD5 | a25adef2f842f95e15d241ad23b05354 |
| SHA1 | c2666e5f0ed28be2e5f55b4967cf6ae59ae274c9 |
| SHA256 | bae72b9963688358681b43145a0a0c8f4108d9dafb03513dc36408711115be82 |
| SHA512 | ba8f9de878a421031a0b8ddb9a3ef4e7d47c5d7ddd2c8606bb0b78d00f3fcd9d6e9b4217c8ff24008de814aa66a98f3d7dd423aaed9d574f3d627df4eb335156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000010
| MD5 | 2909e31d70186d165ea9f8eae4c000f3 |
| SHA1 | 2d4d83b99cb3568d3f8c1a6893df7952f056d8af |
| SHA256 | fd393e318c096bec442c6d1f0bc2cd9a73058f7c3159aec74d809146178c30f4 |
| SHA512 | bbc9ce2aa8fa2c371908afe356415e7a0c83ff14675948f6e2870396ee589554cb73371bee759f126425cfae1ccfc33b4558bf7a5bd9a74b367aa16caae01d74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | f34b9a81dec1174f291b91f0cd69d31f |
| SHA1 | f04502161dd8bd35b2178f27e0167b8fdb9a89a0 |
| SHA256 | bf05f1ce8992fc20913eb6992ade58481bdcbe5b9d4a0443d3f11bcc704bcd76 |
| SHA512 | c228b755717b94872701e2252b97fbe6a0ba83cf82d28174921957e80aa15442c2143f45a04bf27061b3fe48bdb46fb9c379ac5cc5878b6b71c5372f6e78a126 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | d6c6f43d26077117f499f1aff269d3a9 |
| SHA1 | 979d89cf89745cc286739efa68b1c69b5d91b47c |
| SHA256 | 75fc0c3467e8144589b7bbe2282919583634de8d678d9d5e616b27280d0b0711 |
| SHA512 | b5bc1087c3c0285518422f2630c3d432f70a97fc35e8f96b6b3518a00f7800feace37af47b7202a7c22062fffa0ebcf12a11c795534966c9210f907010e8ca38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | 437870726879d5bd7347e0dc0879a01e |
| SHA1 | e603cb96a1b3e8dd52e915a278a8ac2685bbd93d |
| SHA256 | b32e3c410398451941d46db0f496d557fcc2c458f0a016b8995eec9b29e4c189 |
| SHA512 | f1f41c72b1a77d425a00371041741350628a88ccaa952d418125e551d6b4d47b4b1edc3dbcbca71c81398cb49063ff75940e8aaa0d39db43aac29f6af6915032 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 0564db8ca18dd7151ce5b4f84aafd34b |
| SHA1 | 6a2396b126183374aeee455075fc2a9a1c277c43 |
| SHA256 | 8e6d8cf3b1ce33d9b94c0bf869c3acd62bf93abd1e1f9e273fc38c812226136e |
| SHA512 | a94e0df9ea442940aec827cdd7f828457d8623ac94d6730ee10d5648a3825dea276206210c23c3253a94821cf082a8618221539b132f46ea69f67fb7df0d5ec0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 98636c209bc3590b505a271959b89b4b |
| SHA1 | f2d5245a597d22265c93d200cbe3661f6368af2a |
| SHA256 | c5336e1873041b958e7ff0fb77fdc529e2b86d74587a22149d0d9da219b3ab3b |
| SHA512 | dbcf3a0bda66eba532bc40a4e9574ee63c9773024ff03cd7162e39363a1281861ffecb136fee460f9699cad2c1b01a7ac486e62cfee134bb1e6bca6c47d58f46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | a26cc9f7a5c4cc0f36b4323ca711afa3 |
| SHA1 | b546c4fbff3b19f13d78bc03cfcf9b173332dbd5 |
| SHA256 | b5f15914b9d8b5258a90281a26cab2d32df25a8c0181f68da21b2c79f05324ef |
| SHA512 | 4004d10dd3ebbff10533b6a6f5e047a1634a62cf4a62984b9a9fe276a07d41af9f78e58b488790aa195b2727e594dd4d737cc9348669b0bdcabfcb4593f16549 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | c5e94ff3eff4e7e3fabe2db31dbe1d9e |
| SHA1 | 1be8754a8a7d98fd02e42177eb85207603ca7ff5 |
| SHA256 | 3a561e75cc5a81c4b4f6a0e69d0a51c4cc1a64f4f051992f789ecf8d4c06bba4 |
| SHA512 | 4759421f3e07964d2dc82e3672454433d807ac4c11faa22af11f3181c421bea98ef6213439f65019b4069def3f2556ab3bc9fe66fdcda8d360e97a52e79cef3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | be05841e6dbed8aa145019acedb88d20 |
| SHA1 | 118083dfe0841c73dd13af811a6984275f97f643 |
| SHA256 | 3bb8d64ee16843327346aa70dfa96dac6f9595298abda614581ca29cf3318c12 |
| SHA512 | d000bde237455929adc79b48a32334860f6fb80fd41499312e9e35a58cd07d349c313030c4f0c23d35e5faabbd3fb714f16d3f368a4644ce95f92cae9a969071 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5625b5c8e55e99a92eeda969786b14ac |
| SHA1 | 4a742c838499d88a5a3873653e0ef17727d1b76f |
| SHA256 | 609a8b0778d52d37c4d5a7f8c47e1a7ea18c6e2c7ce7e301d005cf35b7d9c79f |
| SHA512 | bea25a73b8893d8519e252e0682d24130b89b86aa457907b50b314e5f772990c4a7653c499b6ed86e9996af832dcbc28f8b61b6d9419184ce513989fdbbbcbcf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 24735079a2be4ec2ee698f687c970249 |
| SHA1 | aa07cd249de45ad12cf4e30cda5a5d067b3cc72b |
| SHA256 | b888277c14c6d4e2242e88328ada34a8130357cd1be1cb5edd0ca466019a6d3e |
| SHA512 | 1f71a74257ece8b7ed1105972bda36fb6e0e08ab6498f07e726ef621587ae54a1cffe9e87d11ad702a3cf87012faf257e393e0a506599a13e2c2c36b86d4146d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2d5fc6a8186c9c39935f40c63b77bdb5 |
| SHA1 | dab885d2702bf80a66f6b17b1e23659f95bbe700 |
| SHA256 | 7eae2a1b193c42427e03c4b3d0cfeb8f10d8fb7b730532747778dc3dc9fe82da |
| SHA512 | 88003079411299c48d1b0b01dbeb9ca737cb419d7f5932aa95298615e2a193bf663dbdac3f34ab2e5b2bb8b39c7682aafbfadf735014c34dc5c5b4418ab90afd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 50d2fca7aa404f0aa5137c75c6ed83ff |
| SHA1 | 1b480745338f0ec96d26c95aaa53439a0c0b48a7 |
| SHA256 | ecacd94b43e1aea672a0a958c91fabbf94579b1dd9e2cdbb5f747a684d429170 |
| SHA512 | 4458352147cea699e955f174dbdbe9d3f33476cdae73650a49467c0754c3e59250dc0ef439eb4c4d843d3b4e40629f4870fff2c1a48a26a0daa1cde1dfa866b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 148be2c2f6a614139a3c7dec4328d9c2 |
| SHA1 | 94c64e1193432f82bca2cc159e411843e677c23c |
| SHA256 | 90329d01c874031915105e3292375b994771d3e59851e95b27b6dd4d46df9757 |
| SHA512 | 7363509dde9a01092613b7908fea04f81edb74f97545571a166cf8acfeb64b03b3688abb39178aed91efaf58c0feb3ee5ae20a615d933704058f01fdff00172e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fab27ae4c758ba8a6afd714ddc0b2c9c |
| SHA1 | 6a487352fbfb0cd2a8faa5ea598c91e72deae525 |
| SHA256 | 65ce4fe5652d26b6469982fc28c9d7885553309360b2c365bf6a198e0a1145e8 |
| SHA512 | 6a864f81a08b06df24ed7a79124e316afcb2f0ad70a948c3bcf697ca72fe8ced6d2d14f2786ba1add1debc7a2d60b3f27c828cf497980570a3353acec9424cbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f2bb06e6623acc82160d5d62c440ba24 |
| SHA1 | 754b246221c85c7d5f68e5d5bc2a49dfd416c38a |
| SHA256 | 14c9c78584391afce4185793518213f38948870da5a4b9cc4cab4a2404be01c5 |
| SHA512 | 54ec541e7ca39c412b671d369398cc22fcc631651e080b380fe711522f95253a992d4c592ec1a890a316163c84fbbb5b1900e6f8b8582bbe0b27a722850aa182 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a0aafef5223d48e3550d2981900af296 |
| SHA1 | e79fc3c224b58d362622f42c79a74c788fd5f6bc |
| SHA256 | 859fbb1fb39f03f7252b56624d68be77fe2b7c7d30bea373fefd1659abdfdd32 |
| SHA512 | 83960d8d5523e5ddc33e0277fc7fe297e9d0be184c20c408c1b3fe96e6ac41c9566bf97892f8349719c1b01295444080c5c7f0a4a97955edfea4ae44e2dcd598 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3b0f9dd912b8da9165dcd4b4ed14a1bb |
| SHA1 | f16a1d29ca32e31a149566a9f6f12fc1ec7a0046 |
| SHA256 | 541f3ad50e0c4e681f1692fd2d80a14dd04e3cc646d850fd963e3e29219c746f |
| SHA512 | c27e277c74381105a8cea3d0ef9b8b745f4b193dc6b498ba5a2ec739b550853a88774be11be0b7762914b34140b56651c9b71888eb55dbf0c20a81f6e1d726cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ce62547cae826a3bf378b5b35e87ae84 |
| SHA1 | 60fad5ea5e5ba9ca57f5ec70295de39bd11cd82d |
| SHA256 | 751a09c61d0186c84b4e9d427eab829d97232a776dc133054bad82eff56c32c4 |
| SHA512 | f29b8f0431933c73ef533d8abcd1f0287b915fd0844ae1d73662a1b3bece3748f1866dcc9f80d9d0161a19379ad35f6b7f426398aa712c202f598b7d8b487cf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cff1595daa54258919afd1d08d35b6cd |
| SHA1 | 6ff8de9c23a7eef9b8cfd38ec03ddf127fde9b29 |
| SHA256 | 5689161dd5fd0702a64e2db75cae72948016c39ff47015b62a1ff0f19a64b7ba |
| SHA512 | bb510a99bbab86edf55b328200ab229b7037bfb14c988de887e0b440cf80af07b6a7346e58aff9cac0bbec581070a3d57b13edb0fef3db318d6468956c18ef85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5a94def50eac0b4d222be4cbb513a486 |
| SHA1 | 0f595d88c473d8c93b0388b280324ba39b5f5a99 |
| SHA256 | f95503d1b4ebf09de0d44c518823bbf1e42ec2a6e9f700185673614be9b0a268 |
| SHA512 | ca5170b6bdf97786efbdb2169611e25bcf2938a84ca6dcd8a65f1669988284917aded596b7551375930910ec4d8f1a4c791bd0dad41b211d087079091c7d5112 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d7ca7d75f4597c210e0861ade7eca99c |
| SHA1 | 96598ee456fbd1798597a2639d14e6cb4e84328e |
| SHA256 | 0db4e6a83f29bc2d033d9c22d66ea0d8c23f55e7de4b4dd1ac7e1c9df8fb0194 |
| SHA512 | e96a9f9a02103857bbf095160467ef083c664586a06b25d2e427cbad9b5bb711978987a093c82fd712502cc1fb6a9f456689430beaa759eacb98aa489602e68b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eddf384d01427b2b4675ae5bdd354630 |
| SHA1 | f95b3ea1c1c8e38198236be72645d0f694e67202 |
| SHA256 | db98c302c5ccf973271781c52c31d464d15a7e829cfd22adba4cfe15e01301a5 |
| SHA512 | 032bacecf4429e426c341bb62d420c4bf79a31dc71450bd894dee68f5107c4521e530271bff1317e649f89ea52c5dfc53d51966d9444638e686a8f602b966475 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e42cf26b59a1203f37e2473f9f5c2aef |
| SHA1 | 553b0ed8b258d570f576463f59ed5eff43f69a42 |
| SHA256 | 274539a48ba5f75dd9e3b1097b387a20583d53508690cec0959f3f0ebd7e3f23 |
| SHA512 | 6c9119a92969903f7d7b736a6c1ac18abea49c12b8f77ffcf44a1cbdb95baca76d1b0adb2c02f12abc0f73a70e41b71fc3bc0369f437558867ae2f15b209730e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0dac188dd150aa736b8aa400b49b4279 |
| SHA1 | 58517f247e35cf5178c904810943993d8c04797b |
| SHA256 | f38d14b675b4a7b3ed3b468087ea97ff7bb00a3f18443fbb4699b6f7c3f6e5b6 |
| SHA512 | eb45227dece8de473bf0b1a8624729e031f59a5cad9178e9d2c38b66b8617085f9a978586a943008d8446d63ea666aa714a43dd1df1326f1b54eac27fc404b5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 9071285d02df11f85ceab92d83a11a0d |
| SHA1 | 5db34820866176ab6bab420cc57fe87f47865fab |
| SHA256 | 3f0d2e5c107439be37d99022d5c2fd0e7030a5251e6b298c4fd66be27a8cef6a |
| SHA512 | 67e631c3b574565926fac4c134e7257beb62b7165b313f5eaffc397e58e513756d29c3831def6b8a60a884e9c40c5aea2c05b3226876a1cac1a346f510f1c385 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4d0c84ab2095c60f117fcf0f611147b |
| SHA1 | 2934f66237bc18c5044682a4c07747bfff519acf |
| SHA256 | aabf984d77547cd871073bbcf461bf3fd8011d4153bf0bbfd3fed5903fe9fa45 |
| SHA512 | d78d4c8b36a604afb64fa5d7d560c5b98467a1acaaf275b2ac00288ef0a8a90aca007ecd45326eeaf8399d712abfa53a583866046fedc944d10b4743bc86c25e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3e9d66b7b95682fb3f21d12eba837729 |
| SHA1 | 7d159a750a729d92cfeb77d06cbc50fb9c87b8c6 |
| SHA256 | a5bd0ec2088f707b3567aed5f1490a0622c668c1ee959aad50a3ef1e6cc81cd3 |
| SHA512 | 174ce6fc76f587578cb0b731f66ab56a47d6c04e5d54c2720c4df18a3005047dd4c3546a6db342a36e67108684e5062aec5cf1cdd6e120fce7172621eb541048 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bc050adcfcb1d51a2ca485118e157bb4 |
| SHA1 | c0d0cfc208bb7eeaba333fe3e44e39c1bc0784de |
| SHA256 | bcfda50bc854214ba80ea255ff9f93cc70fb7faed7cf1433ba904b958d0f1b24 |
| SHA512 | ec27717a9490481fc8dc3237f7edfb73def3998ee19e849e37bbb74236b0a39d2ff0e713b4e3163f598e53d011cbd1869a87a870d8340614f7d4c7a764145dd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5fffabda7c2c6f7e4088f6ac143127b8 |
| SHA1 | cfd770112021562cd12e0f94e080574caf7079a5 |
| SHA256 | 6afa765110751c1fe31ad3c61c666f615a5f1ec7304490f71e0c0d02e933dbd6 |
| SHA512 | 3f7e05533391e3fc0e5eca9bb59053dd06cd3869c5a4536dcda470b2aded68ddeb7c6b91f345b66ec40d5d6dccacfa237a0a24553f96002af26e6367c77e0ed4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 945716ff501fd111fadabaef43efb98f |
| SHA1 | e3beeac656dd7b5c331e10e4f076ae145e1a4f6d |
| SHA256 | ab4de6edf9bfd30ffcce9030b7ac256045f882e962ef69a6e72cebd153310b39 |
| SHA512 | c752cc3c74e2cc57e671edf00a177c923387cde9d7a46d993e4da34578bd23ae72b1f09f8ff245d84faafa20f5428945b1c04b9bac20c6993b6c02d1226f218c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21f4966d805bb53b51282c451905d040 |
| SHA1 | bf6f78593231f9af34a275c658bbb0fd4f07c54b |
| SHA256 | 8d5ecd02cd5bd498f8439e5b2f4cb08cf819093dae358be923735cbe2b0b820e |
| SHA512 | a951d222d8313d9ff905ba4f7177fbaada8d72947c5aa4f9e37493060eabcc541a31a958fd032dfcbe07452cb81c5519dead345eb8c3808cf02880332604ecf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e83798036165846c_0
| MD5 | 08ce3bb61bd4af3979880b1a9f723b54 |
| SHA1 | f9b15f381fbccd32d076a0f72e1074220e196434 |
| SHA256 | 3eba677d8d86b34f5033316c626149bfdc76edcee8ab77ee1f5c7fe7529ceb59 |
| SHA512 | e9e70708cf628cec7c1cf40623cdc4eb5f4ae19a7291a21a2f1a72191f27a55409c87567b2bde2292ea8d654c3fda919c655b3d9585550bf9bbb98169b8d7d28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0
| MD5 | 657c475f715841d68fa1cc2eb83fdf4c |
| SHA1 | 05a32ff14777c9d07ab2a96646ea7f9f3538c505 |
| SHA256 | e3da9bdef8397f5dcd4d52b58cc7dd2a172cbae9fff4b2271956b5c080727f4c |
| SHA512 | 0070d5a2d446fe603f7c46f1a9a0bef385705655d710e07a2f77bafbfb49d6dcdbce7fac18f1a6ab88c0e2c18d10d44157792f5aaa9255f4e4561c8176dd9b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | 5f41c9fda38e313eca2292b37dd782b1 |
| SHA1 | 2348181a98d0e06f7d831f8b1d550a56e1da9776 |
| SHA256 | 3f5fbcac30d21b1e46423493815f3dab698eed04245831aa07e9b6fed4f8c7ec |
| SHA512 | 37659b1a3b160d63a1bd7076716a6f9846e3b2a7df088919a39ba4f74442953853ee7fed3c4530bfab576bcdb3381a0bbd7f9c32a4e20f3dd4ee513e21cb02f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0
| MD5 | 3936cb5e5dbc74f8d7f41dc81401fa0d |
| SHA1 | 0fc2e6107078d0d7525386fc76df4982c31b1058 |
| SHA256 | 3878096938aeb1509fa582759726dd661f42f0a77cb1c1021b7479bdc72156fa |
| SHA512 | 4b3a65995edbd20543ff0f0ccae106124a7fc715b21376e722f90ed5bb2a705a293643df9531a3e66a0395a26f6c9040ebcc0a637cc6040911c1c0d6b0ecbab3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0
| MD5 | 836983f7a6eaae5b5c2056a280c4a8ec |
| SHA1 | eda67a918a8d1e0f961fb828043b7c4bd9b6c482 |
| SHA256 | 97acc02cbfa4e68729ca27c580fe543a020f15c735752a131e989acfacaea577 |
| SHA512 | f5946602c05385f888dfb6671715e4eb0e332f6774a2d2973ade45300568e7e76df7e7a56d3cdae0c83ae63502529951aae037002d09fd453a73eb6402cfc2fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0
| MD5 | 2dfdc8d92b1ac7440407e04637812208 |
| SHA1 | 76cb79540f5c2045d22c0d0994e749605d6c8edb |
| SHA256 | 4e7f55b5a31216f593583a9f7f5e7c21d6786a3b568860118a88feb3a6b3c737 |
| SHA512 | 03899af9edcb21c24537097bbd873f3acf2871cdbe36f21ecf754adebf66508e31724294ff78ceb2ace640b2261483ab353274e952134d33ddcdddcf7b80b40c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | 9a61cb90970a896884f76e5e3f9432dd |
| SHA1 | 70546b2d33d34ba131c43a4e0ee0017fbdcb683c |
| SHA256 | ae97c82bdc6423072258992f7b8b38d902f94999ae768cb108f7f858b5f87137 |
| SHA512 | 041a16e49c4be2cd3a70eb76462a32fdfe8c6beb38b64205ad66039c01b0f76a741d5b525d90542e6ce399dcdf8cfd682bce910c107dea764e780632ed1f7e8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf31345cbef72d6e_0
| MD5 | 6734c6bc4ba41fdf3d049a220e5e9b1e |
| SHA1 | f3555e6ea1471edf55f9379aea4d424509ff5a5f |
| SHA256 | 6b662a041bdcfa002081f2d7636ad96ae5f8a8eebaa6d52680ef668a9315d10f |
| SHA512 | dcb79e3fbf5e78352da0b6f7b866e8f3ec8b777ac2f99de4b0941dd0709444d8d5ff32d0cfc42a1c77282e5208e6e913655945a393302b210fb3ab31345a3ff9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0
| MD5 | 49e7a8a8245cba41b105256fba4185ba |
| SHA1 | f8cff389498ef843ef622192ae77e5840b7fc9cf |
| SHA256 | b9e9554f797e15559e3f2d39d601aa98831035ccea10fda83fe03faf2909e4c6 |
| SHA512 | 879249627a9a96ca0fa31edb52dc90f093272fbaf5eb27696176a82fe4e649a332a16e8ba178c251d2b94daf10d533d2b676859571727b6425a4d72c8551bc34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca892b448ce010ff_0
| MD5 | 5068f8303fed218dee6fb7980fcb6f13 |
| SHA1 | 3016532def97b9ef9194df3423798a72092e38fe |
| SHA256 | 00c76e1406d72a057721bbaf3f464f724d5931f667952359311eed8ce34b78ac |
| SHA512 | 10eaec5a1ec00cff2f314bfa1922b1d961f146168e4890102fd0ad911949d9fa8c33a16b8551ca3be8c3fe09e9a30883b1e502aeb7347df02af700cfb5b9002a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | bd2e38d14c4369f1e70b797aa54a69a9 |
| SHA1 | 7c0cfcb89aab066d56d3b5b0a6ea20e6925be35c |
| SHA256 | d2037a37fb09a061ad4c70f1fb05483eacd9692e6614d53e3841f7766aa35a10 |
| SHA512 | c0d0a2842e3ae771f471e823aa3aa3bfde411531dd445e441524bf4776e6ca3a6394a027e0a16532cf4392ab8650288dca369c3c2b2d1ce1626e54ec956738d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | a9ef446aa356802b4dd957c5dd662cb7 |
| SHA1 | c4ec97df9cfd52c5de576b7b3b274d2aecb7fdda |
| SHA256 | 0cc581835f2a29c5df1a64ffd13a943fc9b751de8f496278c6f1813c65ef6cc7 |
| SHA512 | 15a8fac905ec9d8587aa099e2aaaf88d3073fc27e797f4f07bdc8b90e245c6719a7bafeef5788fc840f5cce8c0cbce942beb77269a404b7d5c897b5c9d5a0c57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | a1d974823c2a363d8c3f2e1c63e3563a |
| SHA1 | 738c4804a66c80a79f9297a228e3fd5f271b5432 |
| SHA256 | e5bff1c88b4e0eb14e87e99a7d33251fecbb3871e41e77d496e26861f905d162 |
| SHA512 | abaa852707cbbbb057a85fecfb215d2fedadf1163abd17d5b8e235f56c4196e01325a05740db60814372ab2421fbd0909899cbda590709e1c31d3be8696b2158 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | b0adff82b4e770750a0f3040826cb274 |
| SHA1 | 9e3ae614b902b82806ce37a1226607d054d0ad3b |
| SHA256 | 034d35becf4ae8a1c99b6b08d0c39174643f016d4ff58c990892e7cb9cf11c29 |
| SHA512 | dbaf4235e5e88e501a1d10ca629edb920875b20e8ed8ed78d1960d1131e33653e663d0e477524bf27599bd60431a1cd2276c5e10af2f0c63dc117df2dcb7f9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 2f4d6478b153c413befd84a55b2caef8 |
| SHA1 | a6f4be5b0421e0fa1854f7b8a1d5684828908fa5 |
| SHA256 | 999642d31618f7dceac461757bcc34180450831e67e84ad44d989ea717d46b70 |
| SHA512 | 432f8b94ac5d8ee65dedf912f28be6d56812d6d7844ec2dabf8826e5307c16e8bb6d22f0039af11765a42b2d03486549f98f88814ec9a07c1d3a4c442e29382f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d37cb16ef5eb861d_0
| MD5 | 99c4971842d6bcc2e96780f56a6d7380 |
| SHA1 | 5301fdfc2f75163c30f299158da5087e1f0e76e3 |
| SHA256 | c661d3e98a72d9ed6caaf848b165c8910c41f53f1b5c6539cd3217480c37f95e |
| SHA512 | 7b2c9c653d17c5e10f93fbc748ea51df087723f1cab4ac1f33df839e6e886cd87bf7089d356e1e7850d46fa26b6a8cf21d472b30ba6cf32fa66523232d42be57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 93058f3d6836fc42c74640c635055864 |
| SHA1 | 85c340de89abbeec6af26462d45be7097883b372 |
| SHA256 | 7c66a36cc94f91f1f9feebe88a92689cd1238efe4ae42c32cbc7e2d60305ce7f |
| SHA512 | cc6c1dd32f754765a5ba7f4765d11657167df73fa206161e197243e19a7e6dbc1213aeb8fd15c822d30b7e06e2f05150d804ad46af02b91e27f060780484595f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\168251be7271d371_0
| MD5 | e5348653b804ea4d99a56d813308d1d0 |
| SHA1 | 45c53574e917cb2e94816110f052184831ed7684 |
| SHA256 | a5d6dfe6265a034527edeb2a077c8e172c15a407d2e68857e1d46cd8b5ff799e |
| SHA512 | 6832956da883a2dbfc1ff9fc1ea2dbee39411f1e13036218c78d0216d84cdf7c606aa0882c572a8bb5873d86c2023dc6bf24e3ec1494f1d07f5e8999a75bfc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\537f62c2e00def92_0
| MD5 | 9e0da3e883c097142f7e4a12173d8720 |
| SHA1 | d4b8e53b8b1915c53335c7a23be96ea9bb262fe9 |
| SHA256 | 30e202a2558ebb4ee55cb2d133d7080b76f8bf2528d8299b77ae950f6eada444 |
| SHA512 | d1cf1a0b8faff3410347e9b853782573b8912ab39747b53459f79c680e425dbff9f8e7b974036f746b1788c3c362a56e166ad95e0cb1df5d80c63764f6750023 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0
| MD5 | 0a0d024d203660bda20c9e1fcfa95c1e |
| SHA1 | 549d4b16f64051102e4097a5ec42b0bf12ec04d6 |
| SHA256 | 347e576e13c7df70fc5c012d1de58a10c69bf43e0daba60c2a7fbc5cec35b402 |
| SHA512 | 839c5346c068db5adbafe9bfa2e413d26cf70d95f4ed8ed34b6178db3b4312f408ef7065606091f1434f7c6815598e5adca7d14ae425257107495d957014bc9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0
| MD5 | 00e51ff7d503af9cda342068586e73d1 |
| SHA1 | dcc5c48b8f9a4aed944dc1c749affa3f013b7f1e |
| SHA256 | d6dbbd1eeaee3ccb0d2d4ea4068324dbb0aca95a2fcbbef8a5423d57cc45fb87 |
| SHA512 | 20a3277021a5402bb829027b15751904f956cc8cec830e6367628a7b0c11b33696fd969bf4f17d1a65dfb06e9d9eac253732d3592229a8c2bdca5f3083723b10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | e46cb5e46530ce07d4eabab2d1cef4ba |
| SHA1 | e6eece1e30443b32f9c94f5737003e57fe902891 |
| SHA256 | 3f8c3f026416ce06d3cd3dc638e9d376315372fb273354cdf655f26f84f913a8 |
| SHA512 | 8509a849cd61c68836a8212fdc56700b6641d2d1b119223394f9cbf50fcf45b082c21b9262167ee146625a000eb6c9d6e905c63902115c87441a6dc55d86cece |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
| MD5 | 477cafafb9e705dc85a68daafb692743 |
| SHA1 | b4b72aec91f8d7661241c5d3eb9e6d075f6e72ec |
| SHA256 | f7665c47d455825b0b848175688febd6d064fec081851289167889f5342c2a86 |
| SHA512 | bca6592d3a1c4041688d758a3e90d98f85178e3066f825e0a2dcea7fb75912d81c8a97adba3be836cb29adda3c985e556bd7c2be209cce1f39437201670fe678 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | 2ed0450d5f0b395ccd4536ce708e9fae |
| SHA1 | 0d1aa189cd68b222680867d1455be70d1d3b86c0 |
| SHA256 | fd722d8da119310adab032c874e2fc854c238182977a341f24989775c4a441c7 |
| SHA512 | 53103529388a217439a525159cf2aa1d475dcb42127ed1d5648a4a61eadda0c03900505935fb39de6de319a901fdcc99898b2471c9525efe3305b369476ce69e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a51ef587dc6dd4bd_0
| MD5 | d2d878c7f0f286db2183a3ccd2e49e00 |
| SHA1 | 901f641b695c45e05088cdcf734f156b5d4c2d5b |
| SHA256 | 4449df0c768e6b2e96c5b2a7d34aaacb890f6d89b72f2c4ca84ebf1b90e23d72 |
| SHA512 | 4402bb59182b96994f6aab2452c02c98ced669670c785578ac9794bed3a082620cff84718d2ae98976a08f2324d8597183368975a26626ee8a6f5044de159a08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0
| MD5 | dbd8d2a9a117263e4c57e0410f8e2fc8 |
| SHA1 | 299ea4da9cb4e7a8f4dd8cb0b2f3c25d720979fc |
| SHA256 | ada4ba5ae98c79907c82c850b91eb305c9d360adfa865f8805e01ecb7ebdcef3 |
| SHA512 | 94425dc78aa0af0a24e19a1b68d23b6e932740899bc266e24aab199045b9a52be3b404ffb65e5fab3122b897aa2733ce5cac97f1fd0cecee7f580df3d8931640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\670de91577f7723d_0
| MD5 | e95d580dda9985468b14e8c54984243b |
| SHA1 | 58a4964393b65f0f5cde1c31ccaeae19bb505a73 |
| SHA256 | 659926eb724f788acdec73003f42658a5b37250971747e7c0d85137be59b78e3 |
| SHA512 | 2d5d6f07965f1608121aa1d24b6587cd3fbef2852f2a62131878362f104d6a2c3cfa8ae515265dfeb03567d8602a903199d7d18bd5f31ab58e261fb06f001d3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | 1ddeb9aad8e3e8d479b77116a617f16d |
| SHA1 | 5e39a6def6fa904bc092e69f23c39ff6482a658d |
| SHA256 | e05f91293d4a3b39e56d4c705d4ca35c0845e533dfd933d80ec3e38070eb56c3 |
| SHA512 | 4568e094d0baa12fbd1f21527dcbd20a2c67209e8ec09be93e3d43e4c6fd331e7984889d9fcf31bfe9427186c58c10d9a0c3f89c73a96872f3e24f6271700497 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | 631b96f05a2e48588be784931d2f7bad |
| SHA1 | 9c04c16fef7dfef4a6b71ab17fa8083a454f2496 |
| SHA256 | de5af6f2b49dc9f8f92ea5d392be145d5ea3455bbba68b82fa21322a04a4eff5 |
| SHA512 | 20fea107334af110456cd54c2828b7c0856c14b602a35417d8f6178152376b6f79d15c703cfc3ffe1a7f120f2a7e5be70f7107eb3d07ba0c5705ee0ef8b66382 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0
| MD5 | 9c495dc7ed62cc6d2c0d482dc1819d0b |
| SHA1 | 11028ee6df34058086eba1434ee81db8f526bcb3 |
| SHA256 | 6ff46fbcc9c888b2c1b4a3ea72580a5a80dec337b03f8d83837d69d432c5ee28 |
| SHA512 | 801816913b679b1bc97751b7de9466b550b3d147ee1961563dd567a505e0bb1eb1dbd6d82203ea917e71eb196f6dd213195899e30ed8768a7d68900964e88509 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\feadcc6fa014c0d1_0
| MD5 | cc54112b77559e5fa7fdade018bc687d |
| SHA1 | 25cc4e55e287a5a61099aabdb53d7370b66ebae0 |
| SHA256 | 18149b070ebebf9fa51525d707d688ac691602bc487929a30b31d9b0d73d0e24 |
| SHA512 | f2f566a353c92fd8f185aa320455967e907c9c28b3687b881f81ee1ac0f64b670fe5f333f4af2ab91e6df83f6af0153cae78c67fc7b5b3168e23ff2831a3b846 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0
| MD5 | ba371ca059102805f1005d284e9f63fb |
| SHA1 | 46af60c88a9678c2e8c5d6fe18b8af36b9f4c3a2 |
| SHA256 | a9a324bdd54a3cf801f733a21cd5f2881a7db959db7f15bb18cf015065ac4faa |
| SHA512 | a06465bda50fb137fc3324e6b1dd06cedce824dbaf1ca2ea4aea25257a119948c0b8339b4c112d8a2aa521f0d069444264e414bb6e6ddc242b2feea88904122b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0
| MD5 | 6de76b9ee524bce9fc2982d789d7fa8a |
| SHA1 | 0930702c5a142c9bbfe5082aa2f8560b747248c6 |
| SHA256 | c40ffef77256ff9f2d4f0d828fd03bedc7fa8c86e876bd8cc5eab1c32d225eea |
| SHA512 | 4b959b09f1f79c0e06540fd5124ebdcfa6f9078e9940fd6d30226465a8c15cfd1fad44d8ded94e5cfbf2769e04a1c1eeb653aebbebb15497c0f7e87dbe18e287 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\97e5761b2a976f35_0
| MD5 | 518c7bc4802e450be1bdec5f610f3730 |
| SHA1 | e9551deac1ec41ffcd60d3e529419f48d000fca5 |
| SHA256 | 3dee35c96662183fb88b5b84cf2baae51563af76378f6c0aa3065003a2b3c1e4 |
| SHA512 | bc979ae627c0005a945a5c191ab8a54e891de449a85a269a53bd9d309d22164f426dc2576b818c3beca2d06a55bf25e3b976b2cbe915f54954c86d1aee4f9e1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\829b7ed45ddcd4e2_0
| MD5 | 4d05185169b2f93dbf48fb6d42677e8b |
| SHA1 | 8584b06de098415bdb3141374eb1bab46bd8fd71 |
| SHA256 | ab2dfbd6b7340ca52af0a3328f6f7fb16cf148154a8146421c7edda0245aa18a |
| SHA512 | 93bef16e28312af15a8fa00888d0f2202a4d25f4e8769b5ae480853170266d0cc536e93489977ad826949597a26d519a3ccc0796fd5cf29e79ed60675e010426 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d302df469838c48_0
| MD5 | 96579356ebe7f5bc18e99e531b3c95b2 |
| SHA1 | 7c9947f19bfcd20c2a21288bfe184db5d2b7c448 |
| SHA256 | ee716045c981b88d39729b8c895b8d4d907bf69b358dd60c572a97582aac91a3 |
| SHA512 | 672a52cd9e32ce7ba91e9a8abb00632e36bf53c7990286ac6dda0555e4ff68e8a1850c5f6723b8f5a6e061f655209246f91e602a3eb32dfe1081dc5dad0cd792 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0
| MD5 | 49d7c94679cabc3a4da40dcda3e94aa0 |
| SHA1 | 35f4d6f4ab632f86166b56f339c73d64ec311e2d |
| SHA256 | 0b17a4f23fbc65dec9b278b4d8e496d5a338e0242764cc63975848afffd9cbab |
| SHA512 | aee5fb345fd865a40394b8c0d73d6e74a5f4da5d0569301369cf72dcdad5b413ae8b2b6eb27c22196e913bffabffc0a03b0cd3d53588c9b016865f25be85cef5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0
| MD5 | 8a5e51e6f807b65191d9c28a05345a1c |
| SHA1 | ef8be7a9b6122b7e303395800f2556f1ffa93c63 |
| SHA256 | ef88059306c140e6f00fca629d33a7f8083434bf568c5c2777a35c3fd8ed84f1 |
| SHA512 | 558290648eac6fb1372e9376fab74eb81652274369836998b3cc670a8c28e31a9005ad1767a92f346438befb16d41be111fb8852e37370fbb777db9771df34f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0
| MD5 | f60936f867699561eaac7a3c2cc6e08a |
| SHA1 | b58a90389f39064921ffd0bf27a50abf22f16b23 |
| SHA256 | 0cc132a6865f37de24f3224214cd1ba969d74f38ac86f832fda6315352e8e11c |
| SHA512 | ddb7e4ab7afc4d714b878ac746596010460e7fd54da867f1f7c936f9337c569d0429b54c2572ae726b4f2599c27b126f55508e1cecb750e21952f4862584bdb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c0109f54c03223c_0
| MD5 | 245b6c0341be6308367224aeb7e0e3ea |
| SHA1 | e04081b899f599cf848e0b06bb7d59d455140b9c |
| SHA256 | 182f7db4120b23953db912746f9cc0e3fdbc290854ec555a2e2bf9717b8fb7a4 |
| SHA512 | b9b63d49071fd51f98f5204ebedf52297b45065c155a7e24319242c44ca3bf33417879191508dbfcb94a53ffdfaacd214fa0fa51dae07210406ec9da4e6771cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69f7f4dafa543dd2_0
| MD5 | e8be2eac128f05bdb418b37c06f9e2ca |
| SHA1 | 500041810bd07642b96bff202d93e5bd4f507184 |
| SHA256 | 413ce8741c403f320caf1d0edacb4d5260b3494b18e3838da1c0917b5d985864 |
| SHA512 | da689041a0db1057036ba21f2ff28a92e81b196a2db5261e186731e2ccb6c2fbda3b6ee5af3cec36d2627dcd9adf27d8c3bc256c97e90aa29ce9167f3d2d5652 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7c8625170d3c391_0
| MD5 | 3909362933f0395df935ad5b418cf060 |
| SHA1 | 21edd048583d73f9bb036ffaf430b75d10c71d1d |
| SHA256 | 871bbf02d585bdf9fceadad19f612c076a759ceff1f7eec70634e7245620886e |
| SHA512 | fd57ff3084e60f1d715417905791089007071f060866c561067b5a41fea08791565c57f42e82c9f74a53540afe959f41483f2e1a220aed523a7587337ef04629 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0
| MD5 | 5bf5b70cd48e6809c1681d31f21b82e8 |
| SHA1 | f61d689eb6cd222b67bda9b0b964a9d23d89fb40 |
| SHA256 | 2a7b9e9317edf83ceff407ad60fcf308dba6aad7d8bdd5ebd1a9cdcb99bd83b8 |
| SHA512 | 0ad58aca83e3a7799e374ff722090395e3de647c3623e74bda6b629e401e08fd6c1792735e53221de894f1c7e8f9474f87f15c3e66caab5acb7da6fb811d2a12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0
| MD5 | fdf6bd0debd0b6bf2ad3676286a63250 |
| SHA1 | ebda0a8db46fbab4893414e9eceb1d8beed9a7a1 |
| SHA256 | 81803534c457b649dc00e4e18d0864c5e40a553181bf674529d7a84804372ef3 |
| SHA512 | 820d3a096c4c08bd498ec40cc331c4c93a9ebdd0c8b3f61cfbf42e208d7f349e070cddeb575b45ad1627a36b83f2e22e61b3485e1cf2fb1bd393777dcbebd1c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0
| MD5 | dc4eb0360e25fc000036f2608fc395db |
| SHA1 | a2709101e46debb1edff633b5b5852f4dd7c8259 |
| SHA256 | 89b36d9b696e2a52d16c9aa47b76f84cefd15e9da6f3d49982c485e247ada850 |
| SHA512 | f7b6bbef820569166656de8443edbb1ef45cf552e6d55baffd8b65dad421f364e53e9fe1dbf8e82412d287b2987f7f7308ec25667fa45825a5ff4f994d50fe68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0
| MD5 | fa2678a5d95225c891c5501f8f91bef3 |
| SHA1 | a644467ce7bc49f2757cb0a88a6fba3b3e891b04 |
| SHA256 | 7bcfdd0810dcf579400500623c6a9a8f52ae761d396d315895f456bf0a8a3beb |
| SHA512 | da0f462a5befb0af1ed520f017d107942b05b828b30d1d61946ca00a4b3af33aa12712a57e0c86ac44b395722f8feb4d1d42a15d132fe5502ab92786dd1951ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
| MD5 | 9531afc3fa11cc5fc31ead6230ca2eec |
| SHA1 | ebe2bccdf66af47231a39b59945db0a87f2f5848 |
| SHA256 | dbf3d59763d8c15938ce86b79e0d6e8f9f33587e33ccd4f7dbb39a2a5ed628d9 |
| SHA512 | 486e38dcb9de5588170cc9490d1397b073cd4cf3cbf919dae6cd166e721fbde82936220ed94ee41a1468c4848b5c6b233cb5a44492473c8aa1c9876d8f9f2844 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | a6694414e2eb1bad850b757946919021 |
| SHA1 | 649dd663881ba9dc6a4e857dbb6608dea01ee0d2 |
| SHA256 | f37ea0d5dbde67fd3d9a3f686e0662d73efff485a7e773d587af1184d473b66c |
| SHA512 | 36236ab6dbc77e346d6f218b892385895ad72ba17a5573a82242db88101a81bf3bbaa081874a7ecdbeba4c3bbee16e72e672ade340941a67c422667e92bce69a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | e80aef0483a30689df6f4cfb3075a9a0 |
| SHA1 | 440e003db2739359d959c6618334a6d26c3e90b2 |
| SHA256 | ad771786b385c43c17c81ba27be4b395b82a9a4ce1a44e53a7392b88c04ec8b8 |
| SHA512 | 0417dd09943245152b95ebd8790bffeb9871a1c60563947b1c0143c77dec5fc3aae423e6cb4b5f2876ecab9db3efa3671a2c0abe88f942266afc3a7057f7631e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0
| MD5 | 8c6d0384dc409069893d23ac875c0020 |
| SHA1 | fb63ff7836bab08a69fe13eb6323ba349ea21e40 |
| SHA256 | 4466aaa40ad7f8aef48374b8ab1e330e9643fc0ad89e5dca778b3b542f11c362 |
| SHA512 | fd08d51db42b86dc9dcba78e394293cd0a93e6fbc5bcd4e924e6c6e63d047cc2dc7c02be7d3850a63707bbfea90a13d43d05fdee73b4fabc5ad84caf823993f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0
| MD5 | c28e9197c05c624510e4e2b582dcde9d |
| SHA1 | dd1a756d6d75989187be8426f0487f923883d3e5 |
| SHA256 | ca0840d2ffc39fe19b4ea1fa14e4b15cc80f3a0e53dcd9c0d5036a9c57b71753 |
| SHA512 | 5254444208b79326a677b680b5e39d0808d76903af26dac6cbb0a2095ec7ae89313f814b6c13b5ebe63f10f20fa0514891199700b9fe9b35c302cc0bdf0d6a2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0
| MD5 | d5df975f5b7d9e1f9e9249e43227efb5 |
| SHA1 | 299c5833df63717e068151c08a5bb8e42d938dde |
| SHA256 | acf3f5c7e2972ab5cf73e6fb84d3804a336e56154a9c1d2b83249cca3e6885e0 |
| SHA512 | 0e7d2c84a36f74bdd1e0263bbd3a8b4e3a93e3d82896c76d319a7e9666a099deb5306720e4752aa42e13899561babfb86c481ab36b19088cb3c67ffbe452b51c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\120ab24e8b469464_0
| MD5 | 24e47e17b805fb77fd7daa453dd471cc |
| SHA1 | 549fe09cfae765b730667f1e895d6defb7c39bb7 |
| SHA256 | 9c33217675d7bff4a44589268fece38051b6e56fc06fa39753ba48f29f4aa253 |
| SHA512 | f6ca4f58f5aaf8518caff07a838e4b521433f2347eaa3697adc95a6121e930b7103dc95e744d14f0b6a8411119e8f83f7d6b9fc2bb8ae437c86b34ea659b9256 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0
| MD5 | 7672993382b79de26619e38d0347beb2 |
| SHA1 | 9465f6ee5ade827e6f5f0380e43af7e7eddcd652 |
| SHA256 | d13e897ac7ea7059ad47058482d43af813cecc9081d21a503364873778797f19 |
| SHA512 | 7a64675b6eb748fd01741de9ba4a4d496b0451f39a123190e79a976b9d84fddcf3f32c4f7a1b3105d9884eea88f987af9b2404a7109e1846e010e828068e29f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c2867a2f63ff615_0
| MD5 | 0edb73730021c33b3bf6b795ca8296b1 |
| SHA1 | 30b34f415c37a5354003d0d41e4f2eb12f6113e6 |
| SHA256 | 7457cf35273f5b19e184d9f927b60e9090f00a3b9a5206edea81e03811ef1d37 |
| SHA512 | 17a35cea5d26f25885f67201faa79d2051d3c3d43f357bf5fd863eb20b9311b2b2c44905f8e69d74bcda49c5ae3aa069fb79d6123b8dee9b086cebb09177d87b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | 2c148d3a8dc922915505185778999d9d |
| SHA1 | b81d2ff9d618673c342fbc76ca04c4fa21384f8a |
| SHA256 | 3394de443c4beb24515119457ebffc700b2275978531ac0e14494e98b25d164b |
| SHA512 | 864584de672e961b26b8df9eabf93ed9a5698a6789cddf99f9130e74293b10b0d2c338b90d296774ee769d84b3e6ef111484ed08bfdc798cd04d68721a6f60f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
| MD5 | 245650441d3b83c21d47a233d56942e8 |
| SHA1 | 010be25af4197173a80f2fda475843c363698a00 |
| SHA256 | d5e23e59a0547dae279a6d34ecd56d4eb34b0e50548431f1308ecfed702067b9 |
| SHA512 | 1fb2797d7f4ae65b8b5daaf99b35476eacf41be33d0256b76270cab0c26de6759a5926f3510d43b185ee45debe4cdd1a6343ba9b1231ceba4e35b0aa801c8d06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | 0449bf21fc35408dbc9215b6f86e6d6d |
| SHA1 | 7bef1daa22744d21c2cf64fe96ec765338823783 |
| SHA256 | b59a8cced36983a22ddb95f9afa91ba3aa64ab4d6ebc76f349b3f1bd0e5fbf05 |
| SHA512 | a065b822ea4630d21766818bbedc77c7bd6d5f6e48aa11beaf15736630ec40ca62a47c27bbba77136a6edec4cd4fa8c992e6e9bb2ab5582b1ef86fea3f63eb48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f32ce3920ab46ce3f4843c0b4ba64ef5 |
| SHA1 | ca7c132b4b0f16149d43a1c8d02e6de6b4c5f87b |
| SHA256 | 013cf49e27773da54e0f37512f493f64356428816957fb77c2c19981fd95aa0e |
| SHA512 | 534cc6c0ddbcfc62473c6874c8b5cc2d77d5cd71a45bf78814bea88ba6f107e0fff7c32f52ac4b0522b3166e8f48b5cbac40155b37b487f57d9dd0c2254503f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c531fc6aa4a27d5ab3055b9a2a92b9d9 |
| SHA1 | 1c6f9db4fb3ab7f028aea25596da97930d504597 |
| SHA256 | 6fee9b73bbb352adb6c727d357bca2b28cef6207f143be8b233b5643038129f5 |
| SHA512 | 6475ea643f28cf6d6dbce1bce63d372cec2dde160cbd81d49ae1b065541a03e5c33cdefbd94ee174ff0076a231819a53c3d4e009d7a88bbba1a291215f4f76f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b06fc39dec6b420226b67a5c335b6cb6 |
| SHA1 | 23a37b3d421e7a64d2e431fcff348dc3584a7b7d |
| SHA256 | 7a970955ebfd370a3cc38bf611f3091b2890420b1c6e275937f519d41e77fdd6 |
| SHA512 | f27a72cc624b15fe84af2124d41e03612c396181dc0c7c4c260fd249f8913e8cec75fae7845c1e9f81fe4589e729c2d8b040c7670fca3d3f8f7f9295ebc550f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | 40ccc99fc2ca25af10f8514872bd88ed |
| SHA1 | 6a4682fc99ec9791adf8c8172e2dd38c8fce6c46 |
| SHA256 | 1993b875502d4e31fbfb67d376a450185c52e7d39398d79fa4a2fe97a0fc1c31 |
| SHA512 | 11f6686bfb17251d09d24efb2fa92b362a1902c11bb1c39ddb49f823baa5911431b38f0fe8ceb2603cc96fc0f3af81097590dd5ed640dcefb5ae797f15c3c445 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | bbb9e0c865d8c591029539ca711a94f9 |
| SHA1 | de86cf82130d0293e29282abf652a8fd4a335075 |
| SHA256 | 5eef6679524ed0161266302bfbf918acf868a68372d4e65741f8df19e577e82f |
| SHA512 | 04eb7d4b1595cfc0d6e61fcf21763622a360e85e7e3f0f32a4ebb9e9f99a7597e793a9b1509dd9d7235f21d89266e089800542db7bcf3bcf95f7f56872315852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0
| MD5 | ec60ad3cc00969da66d10d6e210b9637 |
| SHA1 | 875f0f52d8a93c9ecfc84823347fdb4825da4c0e |
| SHA256 | 82d90bc9a3df3e7b6c05f6bb3b57ee100e23061760f0f8034ab907640126dcfe |
| SHA512 | dc2b78aebd325a84aa3cc4bd6c079562d393faf4b123ce6dacc67b358a6c203af282ace78594702242943bc5edd04d3f03096f61028733e11833ec74f1d380ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0
| MD5 | 1cac648e3817b3eec5ccd76e4e458ee1 |
| SHA1 | aa66e2cd6ce2ed11485341c185d5a9aef1746cd1 |
| SHA256 | 823051e95f8172841e2b08f2c1ed23f46482874c5490a54dea28381ae4b49a0d |
| SHA512 | 4cf57c4026a4b5b4108235c99722a5f8248560e2f4f946af2ddf4e8732d1cc021d8875cd90f4d3ce17c48f0866a4acd360065830384f1de2727aa2445e411652 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
| MD5 | 9a7f665cddcebc71fa49378a282dbf12 |
| SHA1 | efec6f29bacbfc74f63020c206ea2b36cf130376 |
| SHA256 | bd6528899d10591dad39aa2bd1c6691e6012cae9f1fce7a2e86deac6a24e81ea |
| SHA512 | e663ac446deaf8111b10299f87d983b8d1fb04124fe7b7f5823938f920c1eeffb80d671e3cb7b84df9e147f1e84a5a1f7fe2cb2c17701905cb5ccd23d4cd4f90 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0
| MD5 | ce44fb3614f7d36a06a864e42ed290ce |
| SHA1 | 7aacde88e59e231649a78d86334b43acc88083c9 |
| SHA256 | 693a2c594482af8ed92440569a83f814e3a6aeb8b33b026993e67de07c06db6e |
| SHA512 | adc86f36b58e269c4afbe3d53fbea4c6cd04835da97446fb5a80ba435a165563158e6a833f932ee50ee142d37c013fa74bf4096c32b451992d76cbcab0cf935f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b65cb26998de8ee_0
| MD5 | c14e328196ac593b0f68febdf7110719 |
| SHA1 | 33c4b9715ec6f31e9604d038f159165e4db182c1 |
| SHA256 | fc198091ba110605aee883c8c5b8c855f272197eff38c443f47ae24dd4dcb7e7 |
| SHA512 | c6b0fac184cbce665759ce0b601c14a15b4a3e5c595a48cf25c2cd535ae398e8f74fde269808594e2785fcd31046be4d7a029a256f7995fc9b4305363fc0f1c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec6302983d060d61_0
| MD5 | 411875af7de1877b24047b5746e91746 |
| SHA1 | 4424b7985a5eb59e5a987b6efcd52c135d43b0e0 |
| SHA256 | c9d45863f78d8a4a5679fe12fa3c85207310cb635c5081d624c1e3e3093d778e |
| SHA512 | 6b7c9587cd9389bb36b8362d029eabd6375bf7c95586dee0baedd930cf73266ea7490e8ef4c3cfb713d7072a85385f1ac5999b36ef8c89032248e70996f47035 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d5771f5974fe10_0
| MD5 | 921b5f514660928ad15ed07c691a36eb |
| SHA1 | 9e8f347f98990130e586aea0f1350394109a9ec1 |
| SHA256 | b3c22af21e8c5b85297b9904a1117b486202c6b2ff5263344ae349ebe6ae6a36 |
| SHA512 | fa3784980c107cd682661ebd68dbc54dc8c9d2d55a4acaf27b6a7d9b5bde547ef852dc1bd3fcbd4f9d5ee84f2ebf28f1312b21bd4a39644f351994618aebcb3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d47285f80fa7ccc_0
| MD5 | ea8011c5710e546c3656fd9d499de657 |
| SHA1 | 3f9c6d1af6beeaecdec5f1d00f750f3d885a77bc |
| SHA256 | 8006ca1c4e22f6d320f0fe97fabea5bbeda1b9f1f59a6f67e18c25f93a7e6f26 |
| SHA512 | 760951e71c1455ba1590c2420658f9204b8456e3704e3dbe43a219f72cef59bc1b537c36d13bbe43542b843649f9f05d3f28bf4224dba9a06b2795e3062c39d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e43ac1661eccf45cd8ca351fa2d0d5da |
| SHA1 | 6992535fa460d7f401ad95cb5bb10eff9f087490 |
| SHA256 | 5d28ea872d074f2e325d9db54a1f91a189c95bb88f1013d81da71fb70628a0c5 |
| SHA512 | 11aaf91dc5f298403cb3927f9c449d7a1c59faa7e20386d6a9b2fbb2a041b9a738bfd4a45e6d81ea5aee4694df0996809ffd02e81fe11a9186387dcec37041b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 34e376f979592bbefe0f1c5a18d33ac4 |
| SHA1 | 03f103a22353d302bbdf9941008aba105fc8bdde |
| SHA256 | 241be6be3d9d486a83af792e101da89f625833e19fa4b486a52fba343fc6b5de |
| SHA512 | 527e7418e2d1d54eaf26bc87eda44b30d6c125128c12ba6a1150ba1511fcb4ecfc7d35bb71f0001c32bb7eae7fd0151815fcbe1bb2f209025a499aa94414b2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 75489eeb95265a42f57c7efabda2613f |
| SHA1 | fd4da651c5ea58aeb7112f889767c63e48edf4ce |
| SHA256 | ccafbc0039413dbe349062757d417736d87660244b62775216a359537c057559 |
| SHA512 | 37483a271c5b5d03578c38fb5c4dce4c5aea8ac2f015a06d4abb7232e32196be0e43703660315ea92ea93b639b52a8bc86b7042ed96e441f74c97ab1a3dabbc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 129eb21819f5cdd77df51da67796ac65 |
| SHA1 | 8267441818efb35b064b1c795dbc2f64ee0f4ebd |
| SHA256 | 0270832bbef459918662447b60b4ea46252eb609d22b0382df5ee6c6402ab102 |
| SHA512 | 845545fcc1d5fefa81731d388e1ba32584116d53f58c6e979c13eec2e51a0f8fa75e5a8981bd5c3f01c180dbcfb773fea4a48bdd52d9dbae9d8c54df888dc055 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cbe93f5f03c7350986f43b3af6c7bf24 |
| SHA1 | 6e3cb370d085bd2d7cda1b414adb3f6adbf07919 |
| SHA256 | 656332d2c5428b3eb716507804288240dce911043e7fcd1d7aa04e124b5a6878 |
| SHA512 | 55a56f642d9155e8eb3e92514c3b79f059d6d046785f829a8061d0f7803a4dec37464db28778d49dc6cd5a04e679e34b21ad6e4de853bf0af8839bd4d97d7646 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 672efb74d4ce05f10273b6c9bbca77e5 |
| SHA1 | 4fdeb392cc5c454cf9bfc976d38830d04bc1b8c5 |
| SHA256 | 1c9d26c43be95c552efc1b688af79559de54fa1e12106db51f1f9d39215a035a |
| SHA512 | 055668d73f4fed0dbab13e6ae6bd74897f411b2e2620b6f54d84826169f1ed29543a267f93caaf61073bf925d416fc8e4ff0928da0ddf70abfebad5a8225c178 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 213c9f4a141cf9538b0322337b8b4a3f |
| SHA1 | 7a87efeb31a5e63e9673196d61c302e0a64b7362 |
| SHA256 | 57508633490a9ae0b0e06fc099d0555cfe87a7ac4a54854ad9af7601fadbcca5 |
| SHA512 | f0d96ae6e5700af23fd2dae35eeee739e566d183a3342a6453a9f53afbf88719b9d18351ec5b8f1f69b69912f446791e872974ab68a83d48d9a7dac2deb9634e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7784d1c4dba96d0f9ccc6741a82d28c1 |
| SHA1 | 6a76975a70a1a4e99dd53a25789e4cccfec8afed |
| SHA256 | 67bea83c0325f714a5521d29a07646b7daf41f1b90fee089793d32b8bb59a9d4 |
| SHA512 | f3c0d6766572702832d16e8c607ca380e053715bc7ab4e7842b90ccd44a479fe3e812426ec0e951d6911cee57c458d01d02977b187f0470bd8868a604dc8fd1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ebb24587-0a55-4efe-a004-7da4e81dc1de.tmp
| MD5 | 9e9f878fb3c4c4ebedf9534531bcaf15 |
| SHA1 | 4fb39c67becaca73c7b8a94dcbf2aeb7c27c57b2 |
| SHA256 | f7d632724d12e55ab393ce903e6ca6a89d43d570128498594e5d127c06297a1d |
| SHA512 | 67f073dbeeafa535a4c0258a8507212a3d553fbfd6034f42467aaa83c9e0286c1a783e36858ffe021d4efb5aa732abd6c12c13054b87b97d3f77809e866a16e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5789ad4c0f76fd8d6c51cb3601fe1d6d |
| SHA1 | 7c03cd4e83cfb839a853c41b87539bdd1fd6a91c |
| SHA256 | eb389e12b801700421fdcaebb220c42c573a890be1bf98ecd2b48ab6a02c5de3 |
| SHA512 | dd78e8e9840d7208d5ce2be3f75178f435715492d776c157f262e1d02e44d432b00d9df6badf1038ccdf438a73b2aec259fedb8a9fb3654dce6147b80ef2ec47 |
memory/4392-1930-0x0000000000400000-0x000000000044F000-memory.dmp
memory/4392-1931-0x0000000000400000-0x000000000044F000-memory.dmp
C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\decoder.dll
| MD5 | 3531cf7755b16d38d5e9e3c43280e7d2 |
| SHA1 | 19981b17ae35b6e9a0007551e69d3e50aa1afffe |
| SHA256 | 76133e832c15aa5cbc49fb3ba09e0b8dd467c307688be2c9e85e79d3bf62c089 |
| SHA512 | 7b053ba2cf92ef2431b98b2a06bd56340dad94de36d11e326a80cd61b9acb378ac644ac407cf970f4ef8333b8d3fb4ff40b18bb41ec5aee49d79a6a2adcf28fd |
C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi
| MD5 | 27bc9540828c59e1ca1997cf04f6c467 |
| SHA1 | bfa6d1ce9d4df8beba2bedf59f86a698de0215f3 |
| SHA256 | 05c18698c3dc3b2709afd3355ad5b91a60b2121a52e5fcc474e4e47fb8e95e2a |
| SHA512 | a3ae822116cddb52d859de7ffc958541bb47c355a835c5129aade9cc0e5fba3ff25387061deb5b55b5694a535f09fe8669485282eb6e7c818cc7092eb3392848 |
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{C16A621F-B762-414B-999F-94D9DC8BC6E4}.session
| MD5 | 4c12b4016836fbdc338a29222b7a8e6d |
| SHA1 | e33430288609d1ef6d2b17bfb92496486d9b01ac |
| SHA256 | a1654e1d99ebbce0dabb2eb55661018c6a7f7cf5b2a21d1ca1813cbebcd4eb09 |
| SHA512 | a167c87675fff2677e554d185ddf4bd4640a330ff9d102cb73981353c7362dccf9e6640cdefb996b8102df465ddf7e3f6fe9496a705c5c618d04750e5e42135f |
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{C16A621F-B762-414B-999F-94D9DC8BC6E4}.session
| MD5 | 55b694f26962d4913fc38aef68efd52c |
| SHA1 | b343c251b8370688d6b89bb3a1a59b51950b3b00 |
| SHA256 | 2ad1ec2607d33503e8c4201a090c091e46b260043f1e76ed560817b266d829e1 |
| SHA512 | b01df047c92987d81538b56af5a1a0b4a6ae36de665c035548294fe6184a8d146d66c9c69b6a06982d631a5e572de1ea731f94e9fa026a7314750e5d15fd06b0 |
C:\Windows\Installer\MSI32C2.tmp
| MD5 | d552dd4108b5665d306b4a8bd6083dde |
| SHA1 | dae55ccba7adb6690b27fa9623eeeed7a57f8da1 |
| SHA256 | a0367875b68b1699d2647a748278ebce64d5be633598580977aa126a81cf57c5 |
| SHA512 | e5545a97014b5952e15bb321135f65c0e24414f8dd606fe454fd2d048d3f769b9318df7cfb2a6bf932eb2bf6d79811b93cb2008115deb0f0fa9db07f32a70969 |
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini
| MD5 | 093f66ebc17d7d8cec8ed733444e425e |
| SHA1 | dd3305da50775a6c6b1524a1a5f33c114e17f671 |
| SHA256 | a948bf762ecba16ebf43a7f6b237342b10365958a1cf4c4d0bbc64770a457f30 |
| SHA512 | 7a16d905d8b4bfc7f6f9a61c0865e29bdcabd6a90adb91bd3898d55d705c2d6f8c10d749105128bd520fae51c0177f5b763e2e56930e0d5846a8a2137efffc77 |
C:\Windows\Installer\MSI3301.tmp
| MD5 | 4083cb0f45a747d8e8ab0d3e060616f2 |
| SHA1 | dcec8efa7a15fa432af2ea0445c4b346fef2a4d6 |
| SHA256 | 252b7423b01ff81aea6fe7b40de91abf49f515e9c0c7b95aa982756889f8ac1a |
| SHA512 | 26f8949cad02334f9942fda8509579303b81b11bc052a962c5c31a7c6c54a1c96957f30ee241c2206d496d2c519d750d7f6a12b52afdb282fa706f9fee385133 |
C:\Config.Msi\e633159.rbs
| MD5 | 4f372f2a5303b3f42c070236f4b904bd |
| SHA1 | 9313c7d22a27d1dbecfab7d2368a495ac0f2706d |
| SHA256 | 3bbf5e7b3d6b707246d3da6963a2885317ea30320482c876f3fea05a807d0a4d |
| SHA512 | 6ce65ad7d2842157238b70b90c804714ed0a21327c30992391ecbf10b7264c8e4f646d1b9691de7d9301d5b1ba1c15fd39754cad84b6979a9dbb472b2bf6cad3 |
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini
| MD5 | 93b0709bb8b669118dc95453b3702938 |
| SHA1 | 90e9b3ae177e7fbd2b6c8ca1b176d97e51e0eb69 |
| SHA256 | d6d506098ec123c2d33677e44628e51fd6f347e3efc53b8ac8660a7412e3f25b |
| SHA512 | ab86049075b025713319c6717089b3de86949bd5582380de30e5d905d97755afbeda42153251e9639344ea82a91d516913fb600abb7ba6b0003a4d51c295af72 |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/232-2231-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\u.wry
| MD5 | cf1416074cd7791ab80a18f9e7e219d9 |
| SHA1 | 276d2ec82c518d887a8a3608e51c56fa28716ded |
| SHA256 | 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df |
| SHA512 | 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5 |
memory/1116-2452-0x0000000010000000-0x0000000010012000-memory.dmp
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 9fd34b1806c196c5c1e630088bf15f1d |
| SHA1 | ec24115e56197e6224b778dd425325ea137e04a0 |
| SHA256 | a16ac8825fe268fe1702811caf37b13fd3b5561adfeca01c295d11c746bf704a |
| SHA512 | 8a73cd452bba9f62430ac6689f7a4f69c6f3d8e7af5598ba37ed67b74556ea88004ae11a9bfa15b163d4820d35b48c1592c85c0ef83afa9a6c21bf9f81a863a5 |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!Please Read Me!.txt
| MD5 | afa18cf4aa2660392111763fb93a8c3d |
| SHA1 | c219a3654a5f41ce535a09f2a188a464c3f5baf5 |
| SHA256 | 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0 |
| SHA512 | 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b |
C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk
| MD5 | 0c08f7a4b73dfe18417de852e870d8d3 |
| SHA1 | 511536b9906af69543aef1bab57eb06f48184548 |
| SHA256 | 9841125677ed8b2a85116cc62f16449114435f579ea850833d8fdc5092d1976c |
| SHA512 | 27f6240fef00a9a2b0a2f0e8159c2322810d71ee90796762361c218341b3bc9d50cd356e17539c76ea16b078b92758aa154c89b7a30ecae23b3e6520b4e86afd |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/3312-5487-0x0000000073F80000-0x000000007419C000-memory.dmp
memory/3312-5490-0x0000000000210000-0x000000000050E000-memory.dmp
memory/3312-5489-0x00000000741A0000-0x00000000741C2000-memory.dmp
memory/3312-5488-0x00000000741D0000-0x0000000074252000-memory.dmp
memory/3312-5486-0x0000000074300000-0x0000000074382000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6cd453481a0580cf28f4e6989f5c4c8f |
| SHA1 | 8cb158f80673b285ab1021191c24a2438b599596 |
| SHA256 | 716fa9659045d6cf4161e764973bbaf81c04f274cdf74b85bfdf6eb116c8c306 |
| SHA512 | 88151f92d86d88935de4636ac16ebde3be019ab668d2d570dd9e35c6f4c21debe6b331716f3a332b0b918b5a19f6e553cfd4461f5b73783b253b69108deed26f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 58b43e11c280ae4c4657469cb75c735e |
| SHA1 | c5867c7c0481829d964c9f383eed49692f6e0828 |
| SHA256 | 1589e119bfd3e422574910b4bdff331fca939239684b84116ddc485cf95b664d |
| SHA512 | b5ee7a66c85122bfb76ddc11bfcb51b801e341092cf13c0f9cbeecb733758fa3270b08e105af9181fc0c99e11ec635f0f7f68c3e5c2340448b521e5444b22e9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f38f5ff133f15dd10fdcdc48e5731be1 |
| SHA1 | 68760817e6e44c945117e605be9184c0611a6327 |
| SHA256 | f80e2324e36c68acf41a94c60c5f7caa7676deb54ef7b55fb69aad401403d6e2 |
| SHA512 | d228df052ebfdff94273adb138b93405a861b88ec5d7895ac0ab999932bb2a97d7a654061ee10b1a882be484311d6a99c2b37b947e4038bac829ad2e5cc9477f |
memory/3312-5522-0x0000000000210000-0x000000000050E000-memory.dmp
memory/3312-5528-0x0000000073F80000-0x000000007419C000-memory.dmp
memory/3312-5527-0x00000000741A0000-0x00000000741C2000-memory.dmp
memory/3312-5526-0x00000000741D0000-0x0000000074252000-memory.dmp
memory/3312-5525-0x0000000074260000-0x00000000742D7000-memory.dmp
memory/3312-5524-0x00000000742E0000-0x00000000742FC000-memory.dmp
memory/3312-5523-0x0000000074300000-0x0000000074382000-memory.dmp
memory/3312-5540-0x0000000000210000-0x000000000050E000-memory.dmp
memory/3312-5549-0x0000000000210000-0x000000000050E000-memory.dmp
memory/3312-5555-0x0000000073F80000-0x000000007419C000-memory.dmp
memory/3312-5559-0x0000000000210000-0x000000000050E000-memory.dmp
memory/3312-5565-0x0000000073F80000-0x000000007419C000-memory.dmp
memory/3312-5575-0x0000000000210000-0x000000000050E000-memory.dmp
memory/3312-5581-0x0000000073F80000-0x000000007419C000-memory.dmp
memory/3312-5586-0x0000000000210000-0x000000000050E000-memory.dmp