Malware Analysis Report

2024-11-30 14:06

Sample ID 240811-yq2lgazbpf
Target http://google.com
Tags
wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer upx worm
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://google.com was found to be: Known bad.

Malicious Activity Summary

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer upx worm

Modifies WinLogon for persistence

Wannacry

Deletes shadow copies

Modifies file permissions

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops startup file

Reads user/profile data of web browsers

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Blocklisted process makes network request

Enumerates connected drives

Adds Run key to start application

Sets desktop wallpaper using registry

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Program crash

Browser Information Discovery

Modifies registry key

Views/modifies file attributes

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Kills process with taskkill

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-08-11 20:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-11 20:00

Reported

2024-08-11 20:14

Platform

win10v2004-20240802-en

Max time kernel

849s

Max time network

852s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Program Files (x86)\\Windows\\Error file remover\\fatalerror.exe" C:\Windows\system32\msiexec.exe N/A

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD5930.tmp C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD5937.tmp C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD6513.tmp C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD652A.tmp C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\qyedrxmniilpouj597 = "\"C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\WannaCry.exe\" /r" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A

Enumerates connected drives

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows\Error file remover\fatalerror.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Windows\Error file remover\Windows Logoff Sound.wav C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI32C2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3301.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Tasks\sys.job C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSI3272.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C452D4E2-DE24-48B6-B5C3-ACB240A01606} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI33CE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI356A.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3616.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI31C4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3213.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI32A1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3360.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI33DF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI342F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e633156.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e633156.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI33FF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI34DC.tmp C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\SysWOW64\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5020 wrote to memory of 1540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 4396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5020 wrote to memory of 2452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff526546f8,0x7fff52654708,0x7fff52654718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x468 0x4c0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,16245850852782707655,3714855543608863173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff526546f8,0x7fff52654708,0x7fff52654718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5376 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4392 -ip 4392

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 452

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe SETUPEXEDIR=C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B5C8C8C43F238C4F2F0D1ABA62C4D37E

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B34711238E3C64B457CD896A4EAC71BC E Global\MSI0000

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 46681723407181.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 100761723407183.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,9379221237093779228,1114038761300517734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6944 /prefetch:8

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@WanaDecryptor@.exe

@WanaDecryptor@.exe co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @WanaDecryptor@.exe vs

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@WanaDecryptor@.exe

@WanaDecryptor@.exe vs

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe

taskse.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@WanaDecryptor@.exe

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@WanaDecryptor@.exe

@WanaDecryptor@.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qyedrxmniilpouj597" /t REG_SZ /d "\"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qyedrxmniilpouj597" /t REG_SZ /d "\"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\tasksche.exe\"" /f

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\taskse.exe

taskse.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@WanaDecryptor@.exe

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@WanaDecryptor@.exe

@WanaDecryptor@.exe

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 719923124ee00fb57378e0ebcbe894f7
SHA1 cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
SHA256 aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
SHA512 a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

\??\pipe\LOCAL\crashpad_5020_CYRQIGACLVJJGDBS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d7114a6cd851f9bf56cf771c37d664a2
SHA1 769c5d04fd83e583f15ab1ef659de8f883ecab8a
SHA256 d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
SHA512 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 810fbd8a97b828ed919b33de7470c79a
SHA1 9968e14493ec2f1a599a2ae3c244b73990ec6ec5
SHA256 c120dcc877cb810f8b09cee56afdbf6a1c663710859fad7953cbdfbf153554e7
SHA512 e56eef5b46a162526a2605a54476a94a3accef7e082cbd6739a541a4727c1a50849756938eac5ea375e8207f1f95a3a0e3babae9b5181126ab322ffa8cdb217b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 48d2860dd3168b6f06a4f27c6791bcaa
SHA1 f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA256 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b7baa683331bd72089fad6d95944b2c
SHA1 610b5fb62ab766cf729824bb5b1bdee3bf58880d
SHA256 16c960c8dfc2e41f40325b5e31e4dd1b4d51544b20bbbc12962f21f0e335210d
SHA512 a430677cafee065ee191e428c01821c2c212b8c9b1f4f463ca4c3360ab949b0e9d903b02e3a357d7dd7e9bcc132f81a2c1bdd140ef1a4c05245f15f0e8f6a130

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1c2829fa3eb1ee28554f3fee2ce023c3
SHA1 2e2196f0dfaa7886ba8db37674cf7744d3d48d69
SHA256 045d0b55c280704439885388b4b68e9575d998b73cf10c006ea91cb721ffcf61
SHA512 1241602a103eda39f586b88bd655563116f8e95e307038c25020a0f05bc6bcb9aff15f614ec76305dd4fdb891f30d0107e1fe34f7eb7e1ac19494f4a4c3993e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 940ac79df7a0c618689ed9b1dbd89310
SHA1 e213b3d08e0390b579c0538a3df988ad9ce92752
SHA256 6acf91f137dda577e55d16623abb91af2c6509bbbf0139b9a4b0ca02d85effc9
SHA512 5280576297d638bcc66aa7833ff5576ce998e62a908b06e1e0ea04c34f68bd1c9bd2a1a1abce45e729c59c4da818a22f2cec7c3b36488b6ae8e1e43211a0014b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b6755486fb2804196430502fc0ccbac4
SHA1 ad03387f42b23be4c16c919a58659a35173301c3
SHA256 afae817ff92b4e2ef2085a0cb1ddebf5c725cb0f6a5a00ff70ddca1dcfc71b13
SHA512 f246683280314250fc9f594bae77c8ed8ce9c591d66ab6d84387420ad7e597c84458594bec23ac290afc845952ff71efe15a909ff0b28e6e51601853620dabf0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5e2c4c20c319ff6e27d5b6ea86a2f87d
SHA1 7e0c52430edf9e1fef7eddb3ba20fbf60cd6a32a
SHA256 4a6e41d3fadf107b31d221e0ee43bf0a379c4b83a5fd84f3cc4ebdf4733d3861
SHA512 993651e569bbea80e5a81904e4dcf687ea5813b2c7b3f544b4b5a03edd21d97cd722f61f5a4d9255eb8d717486a1c91a50496fe8557f219f25fa1a6cb2d593a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fc1864f57fc14e727a8f3717bd37a31d
SHA1 2444b35549955a226865a1eb0664ad37cdb16b72
SHA256 1f73bcb185fed877282819e4c63e6acb6f5442bd4d495aeda64105dbc19849ad
SHA512 2a8cd4a980131499163dc41ddcfdada1a605507b4aa384d4279d761c35efbe23e92fb6cfa5a6d0e81e200fdf3d8b3c108387a5b21b55293b6baa79a491a16e31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6431efaf3067cf3d66362ed47e2fdc5a
SHA1 e531c1b65f5b17afe014cbd8f6f17fda4e5e0820
SHA256 c7a5f5fa620cc78321e7b255d1688070031de5053992abdeaf9db2eb4ead8fff
SHA512 5f6387fa37c1c512ac56ce79053f65eb36ae78f73b2b89454fb0e3541fe2b0c8837cb258659946a5213df7666738eada28b22589b46386ab6276771f54237cde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7b164aa863fc86c8807cb96deade8947
SHA1 30bafdcca5c8e5a73cdc8ddbf93405e7e84c093d
SHA256 ed884ae7c265bb5008d34a7ae7f240f8ccfc36884dc4111ec578589025d02f82
SHA512 d70fddae26626be6f8b73eca0b28210d39543b878be7edd2d04b0061f59a9722f10cce40116e9a2405b021e0d78341a8265647a8a720e9e676446e2297d088ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c3fe117fce25c113f7c50a2251f64bbb
SHA1 669b401c0186695eab005cf4ac2736eb1be00767
SHA256 ebea96c94fa1c2c6eb433acafd7b7085b3ee987decf6a05c6af61f4a8838c14e
SHA512 8651b56a31ab86377d850d8ca6bfd29cbde10d165cf8314d5fdb06219d769089a493e8579c93c401ca8aa0188f2a240c6fc4d3df59bfeea0272ba4cafcb89ecd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 13a85c0f029211e35cab1b16af991e9d
SHA1 f8fa9fee29f2b44b0a14881d4bc8205b55852432
SHA256 dd50c2d805691d7e4ca2a856c8bd1c4cd679aa5a2b362165e488dc572ef3b390
SHA512 652a44e1f41b4485b94bd76cf8306245b3f366139c78b083740ea19bcadecb74662c671993d69c51cb5b2ee910b772052093d1809089a217dbc39a2fead209b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 1fb8e6044f64b4166f6cce60a1764513
SHA1 101a4665a855230e005b86770f9a54f23212d9ac
SHA256 6afa77d48a425c7f84336b429b46be509c2f096494c0bdb6249aac67e7527903
SHA512 16793ede3103d2cd7422d8038f6cf5c10a3b1d3233419236ff74413c45215453eed42ac727ba53587456d52d492f6801343da805cacdc67927910c8f8926eb0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 5f583125845941525c2ebc7749f20550
SHA1 5931fdadf72aaf8ea64e066a638314ce0f6da902
SHA256 9eb8ada4161ea15c94fc0bc2e805bc2187c0407cb75df8fa2b87ccd8dc88bbe1
SHA512 d610586d98cc5bcb47cf3f51d9550ce6321a80a053db245a6091aa898e66f118a9446b13a248cf76ac56f8edf96d959fde4a698d9a6b6962d3c0ca1f346b1de0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 e46024d0f93bbe4a888b7f011208af15
SHA1 85088d3a32b71ac3b286889a281376bb37911969
SHA256 f5a67ce9112d08d5d2be8c2fed9bea4efce984cbfb09fa5f56c9ea81bd689ba7
SHA512 635505b00442e9d7a98e66f73767a37394fd79f5c7c55b6dbe98554d5da8496b640268a68d07fbdb4eed81705fa8640a52487656262fbf3ae8079f4e7bd3828f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 ce4eefb053dddeba7c6825d74c3fb6d0
SHA1 f8baebeb74f84c42911cc225b303d5f8bcfc1825
SHA256 1056252027ee814bb9987428ed92a820b6b82f34640e27ae09537185a4ab64e6
SHA512 7ae4fa87351d9d3535f7ab1f1cd2cf7cb57d1b1ddee716d692566ed675e1e4f0e0d1d6619d3ac8687616346382178a6f0137268f7403f495cf2df40b04fc173e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 c9eccefe4d92cf70692e98a3dfc099e7
SHA1 4b791e5658fd730c3434d3a27ddbcfebb8f883b7
SHA256 3d0cdd1a43809f966707d2cf75625b77bd3e15b4b94be943365666b7f2886511
SHA512 2d0349ea36b482dff925c8866bcfdb26b39f8c31900d0dd79ea999d7942babd1862dfb01d7324b69cc3748070c47d08e5e1e7e1549a92c2e65dea9eaea60e7e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 75d4392392a8c22ed1ef376d3399627a
SHA1 c74fe684d60ac563b41c21740e18ff59ecc19bf8
SHA256 b66045728af1939cebee39f6c02f3d5d2f45f8235163f60c620999ee6df7965c
SHA512 2d493d0b382bcca8eec93dd1b71ba6217577e1fc5c2a921eb2e5d59f54f76fb99b4c5f5405232d6b1bd83269d5bf851cbecbcccada51c12d46d68a73396af5c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 64c8c80110140d82f63b53468bdd0393
SHA1 b9cb303d41a0c6a6d4c9b08a518aecb2e368e94a
SHA256 945ee15c99776a23a1ef799d20a6b11978346ec3ccfb45a36d051be497a80f49
SHA512 8cc2367765df06a17220da8712c1d7d81ae5ee20829e0530aa4e4e4b9353683e0099f56c16868c2f4578fc5306111cdcb74cdb8da695e2a1542a9e467eade6c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367880023319024

MD5 2ee3c638521310e61d45b4668120fec9
SHA1 daf996dbc10aa9f753a00c51c6f9c5c6734bb351
SHA256 44f7a1d6f058dd3c332261971c4a0a8cc7350ae8b837f51983f2859bef0262f0
SHA512 0fc189594961080f72fdd677675574cf32ee80131336354ac08736dd2d846c681f317f9baac16d11cfb061aa61e93707dfc0865b55e7624de23a60e353b72d9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 65dda5b8f60f3ce5456f0912d72e441c
SHA1 b99d17b82fd15cc3e8217f65a7842c8ff9077f45
SHA256 b9d4026a6607ccfbb85e4abdebcc301dd2b344b967305841bc60b9f0c4845d1d
SHA512 70c96605150135f156bc33b66b1a8e25b097eb56f3e43db24cd0503a33ec15eb8bd24583ec1faeac9f84a862a3893734157a9afbf7a7f9c6af3839805bb16c90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 b5d696eed8b0981992d1c3dde27de428
SHA1 be8cbbdc215eb1f6cf47b18e6f3a5afdafce4680
SHA256 4c0917e59cdeb78e13529ce22ed0a7dfca29ad90097135a8ac0d30428a2c4115
SHA512 bbb3deb44cd428c5ba3cab166afdeb9db27cbe59e7d0a16c23c3454c2e309c015cf92c7d2947f1176dec20f02e5da08b195121873107ddb920dd47c7ab0e30eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 a40fd537e7d9f640f0673c0541818758
SHA1 339ca75cd2d050b5c340b0ca402ae918154d99cf
SHA256 83804b337781d458a95566012bd91efdfcd2519c6f714326b1d7c909c0f2cfaa
SHA512 6d6eae7645976d7258a0852a0c53bdd63fd019b75bc658324b8770077425c1b2656c24814c6292e791a4e39ff0b1aca9205af17f762c15d921911dff9869d547

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 d012505655e05aabec45f79533c3cc94
SHA1 1c1fdb8e77541be025a9e30110e136267861a8c0
SHA256 1f20ad1d78fea3db3bac164d893f4844aca95e9ec7b11eb9f3722626bb831567
SHA512 a39ebf42182e3c57f66ffb4b9a23637b50446d766eba53326da03f4788571c04ce8da15c4091ca85d100a50eb2bd7717ae31dfab9182ec054b539a62fbb65424

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 878cccfbf202bce9e5b72fc18424dda5
SHA1 b326bb3f2db79959d9773d58dfbb2b8653c1cc1e
SHA256 13efbc24c9718b80899f57564546046ffdc43c3d8be457fb6ded6c38095260b5
SHA512 f6c8c710a91cb733892d74bd90dfee129f23e7c4fc545a686d18593aff41892a42aa7c06642d7302e23eda1a3b57c9daccb3d704a2ef31bf6df45f16e2d37752

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 4502ce11d6ee06ee7aa08f4ab263cdd8
SHA1 e15d06a57dd0cf2bc50a223e37ad44d7af38f4df
SHA256 fd2d7ac7a5bf3a1172fa72a7d64b9a1af53c17aada9f1a3b78d7b796d6d2c487
SHA512 1e32ec25a23e2ae156f9a63e662b76aaff2a1b877c8ceede565811e1b5ef3a6aaedeafc47a0e62746e111f900b966bcfa31d01b0dc79d47dfc0892cee60cb936

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 cc4495d170497c28c7e706c2f06e0330
SHA1 8326cd09aa1deefa518410abde4ab82d16144186
SHA256 45ce2100f4901a23272c1f086098279a10fa4a1baa6dbb734f18aacfd2786e2b
SHA512 d42fdf2886b301ab22c6f85ae93ab46b48cd756654ac0d1ed12a661efff54391ba93eeaacf95c35d6e7a04429890a947e998cec84ffe5ee409f7e613dba658eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fad267668d4c34e7777dcb71bd8b8214
SHA1 fc55d9b8a34d0bced8f692eea32f7065b8b01eb8
SHA256 b1f4a4e7cdf78903142b763b27d0002ac0aa36e01eb8de399efb6ece107c7642
SHA512 d2fce4a9e1e0e11f62cb0228d5762973a5e6a9f239f684613341df423db4d7b0e1a7006fa44a2120d5a819b67e6d9b51669e94539e11dc471225de16eaf6ad9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 316432c0d17cdeab7d776922185e9d73
SHA1 6adc200deaeedc9d76af53f4b690e1bfdacc29d5
SHA256 a1e247d97d77b2549e4bfa54f8d45625e434a910e6bb0d2d6a71e9d45ee62c28
SHA512 d490dd759142d6c6f2ae301327db7fcfb147d6fae021cc00a79675e8467842df4597ad63306a261026f2c7a59c95ea8e9dbf73d5572dc792a7f2aecf7d67d1ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

MD5 a33b3a3fdf5161be5bd861804961f557
SHA1 68a57897f1686a3e62ce9808165e18f31661d077
SHA256 ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560
SHA512 c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

MD5 bf84734a469b89aca5a2450ff72bf3fe
SHA1 c6d1d87de39af595d5b418b44efcbbcb1b5d96a4
SHA256 429f7392db31248d0401a41671917da4e8f491f5b4948f6012ea5f44a6c858e3
SHA512 28f6fc0d41a5348b629570507cd92230c167be99d54f244666b69685403986a5aa7cb779fe156ba7043b9ecbc8527b0471bce6383dffb60a8ea12f7b960ea931

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

MD5 dc89af7df9c6ca650e310b1f298f8d77
SHA1 fe8ce0398a5746cf2db4dbb22f366419c184d1d1
SHA256 d8df757e32e39db47931547397eea399545586775010ba5f5e8f6282cd3d460c
SHA512 93314e0a31d7e607d31d7aacb73ee2579506e4abb672c536a6d4f64d13d0b48fa3dd17987e98ad3a9f4e9ebf8679dd2daa70934b7dc98ab3c5de5cd338f1f4a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

MD5 d22cb8682c6c279a568ed39bdc634f0f
SHA1 677360e899085b1fe7af0098575842261a6d854a
SHA256 78b575d52c9342adcc7b89ee8545e0577169b0d520a9924c7d53bc3587b240e0
SHA512 2ad0f705556abae3edb620d4370c1e72c749935d6ec079a10272ba2cbfe42d06a67f6fa1c3d80755aef9419391f701e98d479e946708e26980497f438b154ce8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a

MD5 303a4b69a28d0e0a803b8a541ed74fa9
SHA1 87cd1440d4dfd1b3009ea361d822cd1be57960a1
SHA256 969adad92315c6139b0f9f978b44e31745b3b64ad9fd0a0a3acde2d97cd664df
SHA512 966a785f28af20827c1156f72c8fa894aae8ad69f568586528bb56260b899654dfc23f4bd605dd00b211eb92b85498cf4e61d361602faefd40523db01fa94251

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b

MD5 b4e0f355b49ccc2a27791f7936791cfc
SHA1 8c5ebdba784b7c50e920cb2107840cee1b7b7473
SHA256 93de14b1e7e3d9e1e048b1a4ea06747c3b77c3015cac870a4e53c42b23626392
SHA512 62028acf445f7cc4b53a6f48ae425c58a4541db8c96e98358f98a81300251a56f4f0965e48bcd2eef375f0c4b3f5b669b37e29531fcacaa40dcb9e1fbae2c80f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c

MD5 03c9fd9c73a772c9a526e78a5d43ec4e
SHA1 1a35dbff5da0d72da1ffee45dd16950b19509b27
SHA256 3546a568f8c20523254cefea70bb01a2e25697e1cc5c6eb766d2db6d56866720
SHA512 3cead69c95c18fac695e1aee9a94628f5dd1ef92719f3203dc016c8c8aa134568835f40758ac38caa8aead325597f6a875d284b1c7b8a94f92e7c2d26410950a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d

MD5 087b26dafaaaa077d3495a275f16b496
SHA1 d808255ca7ae7232a1b08728b80a4fa1c3672c1f
SHA256 2d339ca6640f5f6cf4c626616618bc8a7b157c26fbf2831140463860ad896a05
SHA512 fffc11aacbc375b8e60d283480c831ca869fbab92c60a35c765de05fad11decf8228c7ad079b57ec21031310b30b6febb3bfb0b707f4d40f4842abe7247b7a2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000e

MD5 596c754665dc3ef9437ef542eb4b130a
SHA1 2fd7ba914e8df3314850a0f0085d5388e7d45811
SHA256 bc79b14f5edf047445a5ead84ac1c46d8bb2e8015fe8465f1ba90a8286375500
SHA512 d224eca48a06915370fd20858d6250df1f19a8990ec3bf2230fc5d72f1b5f356f609a4098fc5c22fcad8137734d4adfe9d69f0e91836fcfd6c1c4464559168eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000f

MD5 a25adef2f842f95e15d241ad23b05354
SHA1 c2666e5f0ed28be2e5f55b4967cf6ae59ae274c9
SHA256 bae72b9963688358681b43145a0a0c8f4108d9dafb03513dc36408711115be82
SHA512 ba8f9de878a421031a0b8ddb9a3ef4e7d47c5d7ddd2c8606bb0b78d00f3fcd9d6e9b4217c8ff24008de814aa66a98f3d7dd423aaed9d574f3d627df4eb335156

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000010

MD5 2909e31d70186d165ea9f8eae4c000f3
SHA1 2d4d83b99cb3568d3f8c1a6893df7952f056d8af
SHA256 fd393e318c096bec442c6d1f0bc2cd9a73058f7c3159aec74d809146178c30f4
SHA512 bbc9ce2aa8fa2c371908afe356415e7a0c83ff14675948f6e2870396ee589554cb73371bee759f126425cfae1ccfc33b4558bf7a5bd9a74b367aa16caae01d74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 f34b9a81dec1174f291b91f0cd69d31f
SHA1 f04502161dd8bd35b2178f27e0167b8fdb9a89a0
SHA256 bf05f1ce8992fc20913eb6992ade58481bdcbe5b9d4a0443d3f11bcc704bcd76
SHA512 c228b755717b94872701e2252b97fbe6a0ba83cf82d28174921957e80aa15442c2143f45a04bf27061b3fe48bdb46fb9c379ac5cc5878b6b71c5372f6e78a126

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 d6c6f43d26077117f499f1aff269d3a9
SHA1 979d89cf89745cc286739efa68b1c69b5d91b47c
SHA256 75fc0c3467e8144589b7bbe2282919583634de8d678d9d5e616b27280d0b0711
SHA512 b5bc1087c3c0285518422f2630c3d432f70a97fc35e8f96b6b3518a00f7800feace37af47b7202a7c22062fffa0ebcf12a11c795534966c9210f907010e8ca38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 437870726879d5bd7347e0dc0879a01e
SHA1 e603cb96a1b3e8dd52e915a278a8ac2685bbd93d
SHA256 b32e3c410398451941d46db0f496d557fcc2c458f0a016b8995eec9b29e4c189
SHA512 f1f41c72b1a77d425a00371041741350628a88ccaa952d418125e551d6b4d47b4b1edc3dbcbca71c81398cb49063ff75940e8aaa0d39db43aac29f6af6915032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 0564db8ca18dd7151ce5b4f84aafd34b
SHA1 6a2396b126183374aeee455075fc2a9a1c277c43
SHA256 8e6d8cf3b1ce33d9b94c0bf869c3acd62bf93abd1e1f9e273fc38c812226136e
SHA512 a94e0df9ea442940aec827cdd7f828457d8623ac94d6730ee10d5648a3825dea276206210c23c3253a94821cf082a8618221539b132f46ea69f67fb7df0d5ec0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 98636c209bc3590b505a271959b89b4b
SHA1 f2d5245a597d22265c93d200cbe3661f6368af2a
SHA256 c5336e1873041b958e7ff0fb77fdc529e2b86d74587a22149d0d9da219b3ab3b
SHA512 dbcf3a0bda66eba532bc40a4e9574ee63c9773024ff03cd7162e39363a1281861ffecb136fee460f9699cad2c1b01a7ac486e62cfee134bb1e6bca6c47d58f46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a26cc9f7a5c4cc0f36b4323ca711afa3
SHA1 b546c4fbff3b19f13d78bc03cfcf9b173332dbd5
SHA256 b5f15914b9d8b5258a90281a26cab2d32df25a8c0181f68da21b2c79f05324ef
SHA512 4004d10dd3ebbff10533b6a6f5e047a1634a62cf4a62984b9a9fe276a07d41af9f78e58b488790aa195b2727e594dd4d737cc9348669b0bdcabfcb4593f16549

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 c5e94ff3eff4e7e3fabe2db31dbe1d9e
SHA1 1be8754a8a7d98fd02e42177eb85207603ca7ff5
SHA256 3a561e75cc5a81c4b4f6a0e69d0a51c4cc1a64f4f051992f789ecf8d4c06bba4
SHA512 4759421f3e07964d2dc82e3672454433d807ac4c11faa22af11f3181c421bea98ef6213439f65019b4069def3f2556ab3bc9fe66fdcda8d360e97a52e79cef3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 be05841e6dbed8aa145019acedb88d20
SHA1 118083dfe0841c73dd13af811a6984275f97f643
SHA256 3bb8d64ee16843327346aa70dfa96dac6f9595298abda614581ca29cf3318c12
SHA512 d000bde237455929adc79b48a32334860f6fb80fd41499312e9e35a58cd07d349c313030c4f0c23d35e5faabbd3fb714f16d3f368a4644ce95f92cae9a969071

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e83798036165846c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf31345cbef72d6e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca892b448ce010ff_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d37cb16ef5eb861d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\168251be7271d371_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\537f62c2e00def92_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a51ef587dc6dd4bd_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\670de91577f7723d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\feadcc6fa014c0d1_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\97e5761b2a976f35_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\829b7ed45ddcd4e2_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4d302df469838c48_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c0109f54c03223c_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69f7f4dafa543dd2_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7c8625170d3c391_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\120ab24e8b469464_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c2867a2f63ff615_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b65cb26998de8ee_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec6302983d060d61_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d5771f5974fe10_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d47285f80fa7ccc_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ebb24587-0a55-4efe-a004-7da4e81dc1de.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\decoder.dll

C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{C16A621F-B762-414B-999F-94D9DC8BC6E4}.session

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{C16A621F-B762-414B-999F-94D9DC8BC6E4}.session

C:\Windows\Installer\MSI32C2.tmp

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

C:\Windows\Installer\MSI3301.tmp

C:\Config.Msi\e633159.rbs

C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\msg\m_finnish.wnry

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\@[email protected]

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\u.wry

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\!Please Read Me!.txt

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk

C:\Users\Default\Desktop\@[email protected]

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\TaskData\Tor\tor.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
