Analysis Overview
SHA256
0fda176b199295f72fafc3bc25cefa27fa44ed7712c3a24ca2409217e430436d
Threat Level: Known bad
The file [email protected] was found to be: Known bad.
Malicious Activity Summary
Modifies visibility of file extensions in Explorer
UAC bypass
Wannacry
Deletes shadow copies
Boot or Logon Autostart Execution: Active Setup
Drops startup file
Reads user/profile data of web browsers
Loads dropped DLL
Modifies file permissions
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Enumerates connected drives
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Checks processor information in registry
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Modifies registry class
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy WMI provider
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Modifies registry key
Views/modifies file attributes
Checks SCSI registry key(s)
Enumerates system info in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-12 05:55
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-12 05:55
Reported
2024-08-12 06:20
Platform
win11-20240802-en
Max time kernel
1500s
Max time network
1501s
Command Line
Signatures
Modifies visibility of file extensions in Explorer
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1" | C:\Windows\SysWOW64\reg.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Wannacry
Deletes shadow copies
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD376D.tmp | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3784.tmp | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WqkQsYQo.exe = "C:\\ProgramData\\IGMUAIEw\\WqkQsYQo.exe" | C:\ProgramData\IGMUAIEw\WqkQsYQo.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\zthdngla894 = "\"C:\\Users\\Admin\\Downloads\\WannaCrypt0r\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Run\SEIwAsoo.exe = "C:\\Users\\Admin\\lUsEwwwY\\SEIwAsoo.exe" | C:\Users\Admin\Downloads\PolyRansom (1)\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WqkQsYQo.exe = "C:\\ProgramData\\IGMUAIEw\\WqkQsYQo.exe" | C:\Users\Admin\Downloads\PolyRansom (1)\[email protected] | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WqkQsYQo.exe = "C:\\ProgramData\\IGMUAIEw\\WqkQsYQo.exe" | C:\ProgramData\IGMUAIEw\WqkQsYQo.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Windows\CurrentVersion\Run\SEIwAsoo.exe = "C:\\Users\\Admin\\lUsEwwwY\\SEIwAsoo.exe" | C:\Users\Admin\lUsEwwwY\SEIwAsoo.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoMoreRansom.zip.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\IGMUAIEw\WqkQsYQo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoMoreRansom.zip.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\iexplore.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "831731380" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\TypedURLs | C:\Windows\System32\Taskmgr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31124701" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000\Software\Microsoft\Internet Explorer\BrowserEmulation | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679169867955296" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14635" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "8" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133670856963704520" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "7" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHost = 6801000088020000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1064" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Rev = "0" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14635" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\PastIconsStream = 1400000005000000010001000400000014000000494c2006040058002c0010001000ffffffff2110ffffffffffffffff424d3600000000000000360000002800000010000000800500000100200000000000006001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000808080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000000000000000000000000000808080ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffffffff00000000000000000000000000000000808080ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffffffff00000000000000000000000000000000808080ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffffffff00000000000000000000000000000000808080ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffffffff00000000000000000000000000000000808080ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffffffff00000000000000000000000000000000808080ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffffffff00000000000000000000000000000000808080ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffc057ffffffffff00000000000000000000000000000000808080ff33333388333333883333338833333388333333883333338833333388333333883333338833333388ffffffff00000000000000000000000000000000808080ff00000054333333880000005433333388000000543333338800000054333333880000005433333388ffffffff00000000000000000000000000000000808080ff33333388333333883333338833333388333333883333338833333388333333883333338833333388ffffffff00000000000000000000000000000000808080ff00000054333333880000005433333388000000543333338800000054333333880000005433333388ffffffff00000000000000000000000000000000808080ff808080ff808080ff808080ff808080ff808080ff808080ff808080ff808080ff808080ff808080ffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002010004090600132017002d4734004c6b4d00729169009bb78400c3c18c00cf00000000030200070c09001a251b0035503a00557253007a433000478560008ecd9400dce3a300f2ecac00fdefad00ffefad00ffefad00ffefad00ffd99d00e7bb8800c8d69b00e4e8a800f7edab00feefad00ffefad00ff7253007aae7d00baefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7edab00feefad00ffefad00ffefad00ffefad00ffefad00ff7253007aae7d00baefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7edab00feefad00ffefad00ffefad00ffefad00ffefad00ff7253007aae7d00baefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7edab00feefad00ffefad00ffefad00ffefad00ffefad00ff7253007aaf7f00bbefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7edab00feefad00ffefad00ffefad00ffefad00ffefad00ff71520079af7f00bbefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7a27500aea17500ada17500ac9f7300aa9e7300a99d7100a74a36004f6b4d00728f6800998f6800998e6700988e6700988e6600978e6600978e660097805d00899d7200a89d7100a79c7100a69a6f00a4996f00a3986e00a24834004d6c4e00739169009b8e6700988d6600968b64009489620092876200908560008e7756007fedab00feefad00ffefad00ffefad00ffefad00ffefad00ff7353007bad7e00b9efad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7edab00feefad00ffefad00ffefad00ffefad00ffefad00ff7353007bad7e00b9efad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7edab00feefad00ffefad00ffefad00ffefad00ffefad00ff7253007aad7e00b9efad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7edab00feefad00ffefad00ffefad00ffefad00ffefad00ff7253007aad7e00b9efad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e7bf8a00cdd99d00e7e7a700f8edab00feefad00ffefad00ff7253007aad7e00b9efad00ffefad00ffefad00ffefad00ffefad00ffefad00ffefad00ffd99d00e700000000040300090e0a001d35270039533c00597655007e443200498a640093d59900e3e8a800f7edab00feefad00ffefad00ffefad00ffefad00ffd99d00e70000000000000000000000000000000000000000000000000000000000000000030200070c09001a34250037543d005a7b590083a17500adc79000d4ce9600dd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000ff00000060000000000000000000000020000000b0000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff000000ff00000060000000200000000000000020000000f00d0d0df09d9d9dffc8c8c8ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff000000603f3f3f66000000ff00000060000000900a0a0af0c0c0c0ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660e2e2e2ff474747eb000000d0000000e04c4c4cee999999ff939393eeb1b1b1f0e0e0e0ffe5e5e5ffe5e5e5ff8f8f8fff000000ff0000006056565660c8c8c8f7adadadf6858585ff000000ff000000ff737373ff999999ff999999ff999999ff999999ffa0a0a0e8868686ff000000ff000000606d6d6d88aaaaaaebb2b2b2ffb2b2b2ff7a7a7aff000000ff000000ff696969ff999999ff999999ff999999ff999999ff5f5f5fff000000ff0000006045454571b2b2b2ffb2b2b2ffb2b2b2ffa7a7a7ff1b1b1be8000000c0000000b0080808f08f8f8fff999999ff999999ff5f5f5fff000000ff00000060303030607f7f7fff7b7b7bf67e7e7ee2525252e20a0a0af0000000f00000003000000020000000f0101010eb5a5a5af6505050ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff676767ff000000ff000000b000000020000000000000000000000020000000b0000000ff000000ff00000060303030607f7f7fff7f7f7fff7f7f7fff777777ff080808f0000000d0000000000000000000000000000000000000000000000060000000ff00000060000000602c2c2ceb5f5f5fff5f5f5fff3f3f3fee080808f0000000f0000000300000000000000000000000000000000000000000000000a0000000600000000000000050000000b0000000f0000000ff000000f0000000a000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000424d3e000000000000003e0000002800000010000000800500000100010000000000001600000000000000000000000000000000000000000000ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000ffff0000c0030000c0030000c0030000c0030000c0030000c0030000c0030000c0030000c0030000c0030000c0030000c0030000c0030000ffff0000ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe000000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff0000ffff0000fff90000fff10000800100000000000000000000000000000000000000000000000000000001000080070000c0070000c80f0000ffff0000ffff00000000000000000000000000000000000000000000000001000000080000000400000004000000340000000100000000000000010000000000000001000000000000000100000000000000 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\PolyRansom (1).zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\PolyRansom.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\lUsEwwwY\SEIwAsoo.exe | N/A |
| N/A | N/A | C:\ProgramData\IGMUAIEw\WqkQsYQo.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected] | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\System32\Taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffba6d3cb8,0x7fffba6d3cc8,0x7fffba6d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]
"C:\Users\Admin\Downloads\WannaCrypt0r\[email protected]"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 7941723442243.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "zthdngla894" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "zthdngla894" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r\tasksche.exe\"" /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5944 /prefetch:2
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\PolyRansom (1)\[email protected]
"C:\Users\Admin\Downloads\PolyRansom (1)\[email protected]"
C:\Users\Admin\lUsEwwwY\SEIwAsoo.exe
"C:\Users\Admin\lUsEwwwY\SEIwAsoo.exe"
C:\ProgramData\IGMUAIEw\WqkQsYQo.exe
"C:\ProgramData\IGMUAIEw\WqkQsYQo.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\Downloads\PolyRansom (1)\Endermanch@PolyRansom"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CWkAUYok.bat" "C:\Users\Admin\Downloads\PolyRansom (1)\[email protected]""
C:\Windows\SysWOW64\cscript.exe
cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\PolyRansom (1)\Endermanch@PolyRansom"
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" about:blank
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" about:blank
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" about:blank
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
"C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe"
C:\Users\Admin\Downloads\NoMoreRansom.zip.exe
"C:\Users\Admin\Downloads\NoMoreRansom.zip.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\PolyRansom.zip.exe
"C:\Users\Admin\Downloads\PolyRansom.zip.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\Downloads\NoMoreRansom.zip.exe
"C:\Users\Admin\Downloads\NoMoreRansom.zip.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\Downloads\NoMoreRansom.zip.exe
"C:\Users\Admin\Downloads\NoMoreRansom.zip.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7068 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6356 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7240 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffba6d3cb8,0x7fffba6d3cc8,0x7fffba6d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" about:blank
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Windows\system32\launchtm.exe
launchtm.exe /2
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe" /2
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\system32\launchtm.exe
launchtm.exe /2
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe" /2
C:\Windows\system32\launchtm.exe
launchtm.exe /2
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe" /2
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "USERNAME eq Admin" /F /IM WqkQsYQo.exe
C:\ProgramData\IGMUAIEw\WqkQsYQo.exe
"C:\ProgramData\IGMUAIEw\WqkQsYQo.exe"
C:\Windows\system32\launchtm.exe
launchtm.exe /2
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe" /2
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8052 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,18030887852518885146,15419295731870434671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4772 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Windows\system32\launchtm.exe
launchtm.exe /2
C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe" /2
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffb553cc40,0x7fffb553cc4c,0x7fffb553cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1736 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3068 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3528,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3468 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4492,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4520 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4872,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4408,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3896,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5108,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4692,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:1
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3164,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3212,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3408 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3304,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5064,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3384,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1496,i,2635203611182406332,6896808381290662696,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5256 /prefetch:8
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
taskdl.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| GB | 95.101.143.202:443 | r.bing.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 15.197.172.60:80 | malwatch.org | tcp |
| US | 15.197.172.60:80 | malwatch.org | tcp |
| US | 15.197.172.60:443 | malwatch.org | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| GB | 92.123.26.121:443 | img1.wsimg.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| NL | 142.250.179.142:443 | syndicatedsearch.goog | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| GB | 92.123.26.121:443 | img1.wsimg.com | tcp |
| US | 52.23.82.228:443 | api.aws.parking.godaddy.com | tcp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.179.250.142.in-addr.arpa | udp |
| GB | 18.244.155.107:443 | consent.truste.com | tcp |
| GB | 18.165.242.33:443 | consent.trustarc.com | tcp |
| GB | 18.165.242.33:443 | consent.trustarc.com | tcp |
| GB | 18.165.242.33:443 | consent.trustarc.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 172.67.168.207:443 | www.malwarewatch.org | tcp |
| US | 172.67.168.207:443 | www.malwarewatch.org | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 172.67.142.245:443 | use.fontawesome.com | tcp |
| NL | 142.250.179.174:443 | www.youtube.com | tcp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| NL | 172.217.168.214:443 | i.ytimg.com | tcp |
| NL | 142.250.179.174:443 | www.youtube.com | udp |
| NL | 172.217.168.214:443 | i.ytimg.com | udp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.250.179.194:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.170:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.250.179.170:443 | jnn-pa.googleapis.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | play.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:51857 | tcp | |
| FR | 5.39.92.199:443 | tcp | |
| SE | 171.25.193.9:80 | tcp | |
| RO | 176.126.252.11:9001 | tcp | |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| DE | 178.254.13.126:443 | tcp | |
| CA | 204.11.50.131:9001 | tcp | |
| AT | 86.59.21.38:443 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| FR | 163.172.138.22:443 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| NL | 194.109.206.212:443 | tcp | |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| RO | 185.100.85.61:443 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| DE | 193.23.244.244:443 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| NL | 172.217.23.206:80 | www.youtube.com | tcp |
| NL | 172.217.23.206:80 | www.youtube.com | tcp |
| FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| SE | 178.16.208.58:443 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| SE | 178.16.208.58:443 | tcp | |
| US | 199.254.238.52:443 | tcp | |
| BO | 200.87.164.69:9999 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| NL | 172.217.23.206:80 | google.com | tcp |
| NL | 172.217.23.206:80 | google.com | tcp |
| DE | 131.188.40.189:443 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 92.123.142.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 185.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.120:443 | r.bing.com | tcp |
| GB | 92.123.142.120:443 | r.bing.com | tcp |
| GB | 92.123.142.72:443 | th.bing.com | tcp |
| GB | 92.123.142.72:443 | th.bing.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | tcp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | tcp |
| SE | 178.16.208.57:443 | tcp | |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.16.25.14:443 | c5.patreon.com | tcp |
| GB | 95.101.28.56:443 | aefd.nelreports.net | tcp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| GB | 95.101.28.56:443 | aefd.nelreports.net | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| GB | 92.123.142.121:443 | th.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 172.217.23.206:80 | google.com | tcp |
| NL | 172.217.23.206:80 | google.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.160:443 | r.bing.com | tcp |
| GB | 92.123.142.160:443 | r.bing.com | tcp |
| GB | 92.123.142.80:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 80.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| GB | 92.123.128.187:443 | tcp | |
| GB | 92.123.142.75:443 | r.bing.com | tcp |
| GB | 92.123.142.75:443 | r.bing.com | tcp |
| GB | 92.123.142.75:443 | r.bing.com | tcp |
| GB | 92.123.142.75:443 | r.bing.com | tcp |
| GB | 92.123.142.75:443 | r.bing.com | tcp |
| GB | 92.123.142.75:443 | r.bing.com | tcp |
| GB | 92.123.142.160:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| IE | 13.69.239.79:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 79.239.69.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.197.79.204.in-addr.arpa | udp |
| FR | 51.254.136.195:443 | tcp | |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.142.89:443 | r.bing.com | tcp |
| GB | 95.101.28.33:443 | aefd.nelreports.net | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| GB | 92.123.142.89:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| NL | 172.217.23.206:80 | google.com | tcp |
| NL | 172.217.23.206:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| NL | 172.217.23.206:80 | google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| GB | 92.123.142.120:443 | www.bing.com | tcp |
| GB | 92.123.142.120:443 | www.bing.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| NL | 172.217.168.195:443 | beacons3.gvt2.com | tcp |
| NL | 172.217.168.195:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | tcp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | tcp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.16.24.14:443 | c5.patreon.com | tcp |
| US | 8.8.8.8:53 | 14.24.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | udp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 172.217.23.206:80 | google.com | tcp |
| NL | 172.217.23.206:80 | google.com | tcp |
| US | 172.67.219.177:443 | id-ransomware.malwarehunterteam.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.18.10.207:443 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 154.35.175.225:443 | tcp |
Files
memory/2664-0-0x0000000000400000-0x00000000006BC000-memory.dmp
memory/2664-1-0x0000000000691000-0x0000000000692000-memory.dmp
memory/2664-2-0x0000000000400000-0x00000000006BC000-memory.dmp
memory/2664-3-0x0000000000400000-0x00000000006BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b0177afa818e013394b36a04cb111278 |
| SHA1 | dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5 |
| SHA256 | ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d |
| SHA512 | d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db |
\??\pipe\LOCAL\crashpad_2020_OYLZMQSKIQDMZOMS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf3fa8af57c3b422cbdf1eda83b3f5bf |
| SHA1 | 82cc53960fa985652f181f1b280032c5f91d0a76 |
| SHA256 | 61d63e302300904eea5ca60a240202b9a6ab06e9ac16c4057cee1edaca762993 |
| SHA512 | 1db4f8b67e343bdc64d56dfe217c78f97135592f23098e884ec82eb3ff6c3a47ba8f2e0f01a99f134cb940a79f6135d093944ce99441fd97ea6f8cfc8ab5798f |
memory/2664-54-0x0000000000691000-0x0000000000692000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 08ec76fe3248f8940835b760b9e0af4b |
| SHA1 | df869709fa15d5b3e393b456dc2bebfbef818459 |
| SHA256 | 43becf7f82f51ea867ea80699b9b914cabc9728c2b4d1fd2cfd5ab05a01b32a9 |
| SHA512 | b1bd6c0884a702a1f615b38e56cdd428dee7f217405bb07822702cfa687cd6b81a56304e89ea4adedb9fad4fd3b65452b6c979c2401705c477aca5ec813b53d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c0cbb44d539ad3fb70bfa6cd79ae0cdf |
| SHA1 | 42096e40081ebc968fe876e87af0bfefeb495156 |
| SHA256 | 7c356ca69a36005aeeaea973c201f9a35951805d5111ba860ad376dd31c5beef |
| SHA512 | 6f1eee92991961c8b9fb63f08e61b66b3ecdcbd520c1746a830696d18b3d3bd6e7222b8aff2ee3a57ba32ac0373bc0b72b9d9589518c539c238833b7874ab3a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1f31f6b56ae2714ce5a18cb2eb2bee89 |
| SHA1 | 3ee3fd57f2bc91a5e419b37579f224c91a4bb21c |
| SHA256 | cc2391d915f0b4b76030bd2a9e3f44778edf5bb9f9dc5967797a690ed4137a8b |
| SHA512 | 540ec9322da816eb3c3c2ba86bb1759cc59d880080c372ee6429f293dd82bd1d304a723fc6936bf029a5da72bb3f626b4b8eac55561f6cfd93b116ab18670c01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d99708cdbb5b09d5c0d0a5f8cccaa020 |
| SHA1 | 044d21b1994facad5145b8f8437ceb787c8cf427 |
| SHA256 | 3271c6810b55b16fb945ab222c2e09d86f12719455b8b8184417bc7817e1bee5 |
| SHA512 | 9d404e25d6b8c00ea84e541c890cf213758817b1e9d59f898fc7d52a4925ea7f601141457b392c3b77a379655482d4c63b0e5456ecb866057c93d156fac5ae37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5843ea.TMP
| MD5 | 5e33c14d78313b76fd3469eb04f10b40 |
| SHA1 | 23b59ff40ab174855064f8788698bc4a1ccdc1ba |
| SHA256 | b4b7941af0af14b39a938cf01575d968587725bbd7eed54f74f2770b3e112eea |
| SHA512 | 5935a76f3b1019ef98ddf60bbda04b8f4c6be048f0fc76bd3af798693f124bc906e77a7a85f57600a10fea84f102b9e3d8bcddaeac52e87af9eb72cb92cc041a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e459fa14bb9bc4f002d4ff2182c23369 |
| SHA1 | 49ccd37c4cb5a634afbfdba8e5c98a0bb1c825f0 |
| SHA256 | b05105c77cf5913407853c40d1025fde195e1b5c333bc64888844881d44f5f2d |
| SHA512 | 4f01bb7a209721b2085f22baff37649394a4d373a3bf3db066a82718652221435b514c47bed1010817f0a80a9f46131cfd208c05e80650b1756f0eb1c78f579f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a88e5a64686c909be0f05fd217ef7bc9 |
| SHA1 | c69b58771e7308b829ce47e1e33cc8881013fe5d |
| SHA256 | 4f48a4ee82021f5363d6423ac33bd85c787d093001bf0fc717a57bd1ef16e70b |
| SHA512 | cbe2385bc339bcbb0dcc8761526fdf7224523a355bb9087374a9993090abf394a233f4a0f1e074ce46dff3957cbafa7dd5c4728cd63152b948da0ec02f00cffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bfdf11a4aa9533c748282824c4a6c308 |
| SHA1 | 66a54ccb94e55c4855c7398e421d313ccfb5f127 |
| SHA256 | ae598d9bc367d94c952dda71890325b453bcbb5fa9574c2c735280b56e3fcc30 |
| SHA512 | 2bde558b7f4949e4ba8b1454dcded49d2fa435c978765b36d7b93c8f91eccd0b09cf912a1ee0116ad36a01cc6571c0fe3f21d77d3b2368cd43442f5660623519 |
C:\Users\Admin\Downloads\WannaCrypt0r.zip
| MD5 | e58fdd8b0ce47bcb8ffd89f4499d186d |
| SHA1 | b7e2334ac6e1ad75e3744661bb590a2d1da98b03 |
| SHA256 | 283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a |
| SHA512 | 95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c |
C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d762358d1fab1ec3ce76f88d21848bd5 |
| SHA1 | 347c02d55e4c8997e878b026863ba21f94b224c3 |
| SHA256 | f35fd615741f09001706c8d71848d699e84703adc57a5eda1f1d17b57db3554c |
| SHA512 | 5e196476fa1d2305a84dbb2f52157a0fd2eb426af9bf79b90a9519de59dab405a1e7c5f1a2edb91138fc7e22c76f2072d813ae6eca11fd99dfc29b87b11e9821 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d5ee002c04b6876b0ef16e96f53be12e |
| SHA1 | c2754c8de6d93bc74507011adb74be8310e4bc5b |
| SHA256 | 9264c7f24704e482c32eab0157016fca6253566bf7a8d6a1e07b45e4a1dfe5e9 |
| SHA512 | 2ae05a73dc60d45a964144203d7224171aae1a61d608f3c6fb2ce7ed14b2e642ff2952721aa8e592518bc63711a159dbb9d18d493d9ced123452f2da20e1de33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 312e30e36294684a5a2349b3d56d9db9 |
| SHA1 | 02729d26cf205a1a5ee9bb1d198d783c6c61f1a8 |
| SHA256 | 7d69bc72e8986429757afc0eaa9c2df4ac2a3b093c3fd058720c4c1b798079f1 |
| SHA512 | 40ec54e1fc72225a1a71bea2457c9484e6cad5a0c2fb301d0195b18873a1d94f411b1dcd76f186ae70ce65969cd6cc6928021d784a6c26c44e336eecc6b8f100 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
memory/2312-614-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Downloads\WannaCrypt0r\u.wnry
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\WannaCrypt0r\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
C:\Users\Admin\Downloads\WannaCrypt0r\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\Users\Admin\Downloads\WannaCrypt0r\t.wnry
| MD5 | 5dcaac857e695a65f5c3ef1441a73a8f |
| SHA1 | 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd |
| SHA256 | 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6 |
| SHA512 | 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2 |
C:\Users\Admin\Downloads\WannaCrypt0r\s.wnry
| MD5 | ad4c9de7c8c40813f200ba1c2fa33083 |
| SHA1 | d1af27518d455d432b62d73c6a1497d032f6120e |
| SHA256 | e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b |
| SHA512 | 115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617 |
C:\Users\Admin\Downloads\WannaCrypt0r\r.wnry
| MD5 | 3e0020fc529b1c2a061016dd2469ba96 |
| SHA1 | c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade |
| SHA256 | 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c |
| SHA512 | 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_vietnamese.wnry
| MD5 | 8419be28a0dcec3f55823620922b00fa |
| SHA1 | 2e4791f9cdfca8abf345d606f313d22b36c46b92 |
| SHA256 | 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8 |
| SHA512 | 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_turkish.wnry
| MD5 | 531ba6b1a5460fc9446946f91cc8c94b |
| SHA1 | cc56978681bd546fd82d87926b5d9905c92a5803 |
| SHA256 | 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415 |
| SHA512 | ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_swedish.wnry
| MD5 | c7a19984eb9f37198652eaf2fd1ee25c |
| SHA1 | 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae |
| SHA256 | 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4 |
| SHA512 | 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_spanish.wnry
| MD5 | 8d61648d34cba8ae9d1e2a219019add1 |
| SHA1 | 2091e42fc17a0cc2f235650f7aad87abf8ba22c2 |
| SHA256 | 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1 |
| SHA512 | 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_slovak.wnry
| MD5 | c911aba4ab1da6c28cf86338ab2ab6cc |
| SHA1 | fee0fd58b8efe76077620d8abc7500dbfef7c5b0 |
| SHA256 | e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729 |
| SHA512 | 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_russian.wnry
| MD5 | 452615db2336d60af7e2057481e4cab5 |
| SHA1 | 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6 |
| SHA256 | 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078 |
| SHA512 | 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_romanian.wnry
| MD5 | 313e0ececd24f4fa1504118a11bc7986 |
| SHA1 | e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d |
| SHA256 | 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1 |
| SHA512 | c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_portuguese.wnry
| MD5 | fa948f7d8dfb21ceddd6794f2d56b44f |
| SHA1 | ca915fbe020caa88dd776d89632d7866f660fc7a |
| SHA256 | bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66 |
| SHA512 | 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_polish.wnry
| MD5 | e79d7f2833a9c2e2553c7fe04a1b63f4 |
| SHA1 | 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff |
| SHA256 | 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e |
| SHA512 | e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_norwegian.wnry
| MD5 | ff70cc7c00951084175d12128ce02399 |
| SHA1 | 75ad3b1ad4fb14813882d88e952208c648f1fd18 |
| SHA256 | cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a |
| SHA512 | f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_latvian.wnry
| MD5 | c33afb4ecc04ee1bcc6975bea49abe40 |
| SHA1 | fbea4f170507cde02b839527ef50b7ec74b4821f |
| SHA256 | a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536 |
| SHA512 | 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_korean.wnry
| MD5 | 6735cb43fe44832b061eeb3f5956b099 |
| SHA1 | d636daf64d524f81367ea92fdafa3726c909bee1 |
| SHA256 | 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0 |
| SHA512 | 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_japanese.wnry
| MD5 | b77e1221f7ecd0b5d696cb66cda1609e |
| SHA1 | 51eb7a254a33d05edf188ded653005dc82de8a46 |
| SHA256 | 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e |
| SHA512 | f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_italian.wnry
| MD5 | 30a200f78498990095b36f574b6e8690 |
| SHA1 | c4b1b3c087bd12b063e98bca464cd05f3f7b7882 |
| SHA256 | 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07 |
| SHA512 | c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_greek.wnry
| MD5 | fb4e8718fea95bb7479727fde80cb424 |
| SHA1 | 1088c7653cba385fe994e9ae34a6595898f20aeb |
| SHA256 | e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9 |
| SHA512 | 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_danish.wnry
| MD5 | 2c5a3b81d5c4715b7bea01033367fcb5 |
| SHA1 | b548b45da8463e17199daafd34c23591f94e82cd |
| SHA256 | a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6 |
| SHA512 | 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\Downloads\WannaCrypt0r\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\Downloads\WannaCrypt0r\c.wnry
| MD5 | 93f33b83f1f263e2419006d6026e7bc1 |
| SHA1 | 1a4b36c56430a56af2e0ecabd754bf00067ce488 |
| SHA256 | ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4 |
| SHA512 | 45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac |
C:\Users\Admin\Downloads\WannaCrypt0r\b.wnry
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\WannaCrypt0r\@[email protected]
| MD5 | 7e6b6da7c61fcb66f3f30166871def5b |
| SHA1 | 00f699cf9bbc0308f6e101283eca15a7c566d4f9 |
| SHA256 | 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e |
| SHA512 | e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 40f168cfddf7689a5180bf8e34bfa896 |
| SHA1 | 199085b0f16a08099633b28050b02eb392227bda |
| SHA256 | b86c08ddccee94570f67bb754921b5dd37cfb638266bdf1135f806ce9eff6cbf |
| SHA512 | b03b94006b58fc10c4760fd84ef16b34320c0f424312fc96185a97750c0bb27e78452108e3b9af8361bdeba4a80b5d0c9b06eb771a6ca213bd22d04ba8f77d6f |
C:\Users\Admin\Downloads\WannaCrypt0r\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/4864-1988-0x0000000073BC0000-0x0000000073C42000-memory.dmp
memory/4864-1991-0x00000000738F0000-0x0000000073912000-memory.dmp
memory/4864-1992-0x0000000000B00000-0x0000000000DFE000-memory.dmp
memory/4864-1990-0x0000000073C50000-0x0000000073CD2000-memory.dmp
memory/4864-1989-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/4864-2002-0x0000000073BC0000-0x0000000073C42000-memory.dmp
memory/4864-2006-0x00000000738F0000-0x0000000073912000-memory.dmp
memory/4864-2005-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/4864-2004-0x0000000073B40000-0x0000000073BB7000-memory.dmp
memory/4864-2003-0x0000000073C50000-0x0000000073CD2000-memory.dmp
memory/4864-2000-0x0000000000B00000-0x0000000000DFE000-memory.dmp
memory/4864-2001-0x0000000073CE0000-0x0000000073CFC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9bb7bf66bb0faf0650591247e6edc30a |
| SHA1 | d9dda6ceb165946152eea0a3be35a11fcf30d894 |
| SHA256 | 29105f1ce29e5fe6c789434b82ba54a396b996d28f643353aa9313e67fd09d84 |
| SHA512 | 08550f644ae3a0a426153314d5f6aaee8afd9ebb7c5637d68d014bff683eb3822ec6476ac0060b580bd4e1e6c17f2153cbd635e2eed761521f359eafa8abeafe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 017dd829a69da2754a1e53f0bd27beb8 |
| SHA1 | 9616f6814296e6431071b6201db36f17f87a4f41 |
| SHA256 | 11fa9eb052ad27508ba57210d91bd6d8c70d775598991066bc2d9e211d81cd55 |
| SHA512 | 376a0694ef7071f94cffcb3ebe87311a0b771bc709d19767a074db0395f0657b47004c7afbc36b525e7750e3dfe77ae2fe379b4d2f4c4846e3d09e810ba00ecc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 055ee8aeb5b8f240a78d88a4a98eff49 |
| SHA1 | f6932d1269ca3d7beac97238303be4b7363199b4 |
| SHA256 | 3f623bf9664e267489fa44b91438a30a867277d1e46321482281e92ca7f07d8c |
| SHA512 | 8560cb89393b2e52365b2a822b64659e9f522a39d7596c60fab5fe29222124caa6ab66f3a71406b2add4af2020932748dbf1ab814ff0f1e994e4571656aa409d |
memory/4864-2040-0x0000000000B00000-0x0000000000DFE000-memory.dmp
memory/4864-2048-0x0000000000B00000-0x0000000000DFE000-memory.dmp
memory/4864-2053-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/4864-2059-0x0000000000B00000-0x0000000000DFE000-memory.dmp
memory/4864-2064-0x0000000073920000-0x0000000073B3C000-memory.dmp
memory/4864-2076-0x0000000000B00000-0x0000000000DFE000-memory.dmp
memory/4864-2081-0x0000000073920000-0x0000000073B3C000-memory.dmp
C:\Users\Admin\Downloads\NoMoreRansom.zip
| MD5 | f315e49d46914e3989a160bbcfc5de85 |
| SHA1 | 99654bfeaad090d95deef3a2e9d5d021d2dc5f63 |
| SHA256 | 5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7 |
| SHA512 | 224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e5db58e647f7c9437993df1f49e0def7 |
| SHA1 | 7d85744442125c176451685505895973065dfb53 |
| SHA256 | f22b6865452c238d3af50d99053c817ee244682be127d47c9f67d23e8eafe1c2 |
| SHA512 | caea18d1cb9005cb3445b547be7daa2369949959ffada6362f9148f0db135ce1ad70c412780293e72a7dc9ec4dd01699731d9a042863e98c6ae1ed844ea336d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
| MD5 | 7a5ab2552c085f01a4d3c5f9d7718b99 |
| SHA1 | e148ca4cce695c19585b7815936f8e05be22eb77 |
| SHA256 | ed8d4bb55444595fabb8172ee24fa2707ab401324f6f4d6b30a3cf04a51212d4 |
| SHA512 | 33a0fe5830e669d9fafbc6dbe1c8d1bd13730552fba5798530eeb652bb37dcbc614555187e2cfd055f3520e5265fc4b1409de88dccd4ba9fe1e12d3c793ef632 |
C:\Users\Admin\Downloads\PolyRansom (1).zip:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 60191e77441dab8cb53fc8d14401bab1 |
| SHA1 | bdd8f21091617325f8af392e45fe727fc1d0a1fd |
| SHA256 | 59dd9e472b7bef9e8d96b87aa85f58f6fa978cb5592a63580cea1d5a8391b611 |
| SHA512 | 992566b20cfa029b2212de5465178fa7b86dd032c35164fd67ade76273161858f8694ed9e15980dbc7ebbe6e595aa0d0906edefdd5bef3e8df3c1b939b77c43f |
memory/2132-2255-0x0000000000400000-0x0000000000439000-memory.dmp
memory/2032-2261-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4556-2266-0x0000000000400000-0x0000000000433000-memory.dmp
memory/2132-2270-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\Downloads\PolyRansom (1)\aIUK.exe
| MD5 | c6936c65cbda918354f089f1b241106d |
| SHA1 | 4021c6eb56d76c8e05ba08b4fe7e904d19d47163 |
| SHA256 | c33fe2d7e7dd05b0f50e3170c1ffd4885b55cdb3a34bdd5a23e760c9f1444abf |
| SHA512 | b5095cd81f6ab8f9ee10bd8c6b00bffaeccdda90fd3747e49c2c186383e81c9ffc7986b8d7a504150bbb0467aba43435806d1ec76c93fed2035c1ffb680e4816 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 2739d7f23dd3220ff274245cb6234c40 |
| SHA1 | c8f72140a62aedd6a73006c1d14316a2b954cf22 |
| SHA256 | fc1c9fa0bf58ea8daa263472e7b402f50961a96e778ab6813e4779845939399b |
| SHA512 | d5b475b87a5dbdd5ca9ad4e20b0793ba69df18e4fdb831c86a92907cae1b621495c3054db49f72c9af0d56066d9e9f7fa1c3af04129a95f7e1cfddae63057962 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
| MD5 | 6917edffc5b23f49989d87dc4ba1befc |
| SHA1 | 1559fbdd697972ec611443775c0427d08b2249de |
| SHA256 | 5c02bd9f9074ab9f2bc386c88917c9bcb5449ff4c435b59a4e70e6a598651e58 |
| SHA512 | cf4fc0cfe759aabe82a643146b24c68019cbe617aaa50eef3065025f89213d7aee746ec02162dd49c49935a542e75cc9553917f77498fd1cc94c476a00cc312c |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | f6b1ca032f29bf30b452159d9358fa78 |
| SHA1 | dca2c2461b4ab5c3e076b8161087bb1088fe6952 |
| SHA256 | 49e9f9c992238a77a98e62fc61dfe2481e7b4157a5a7560b872d04c6c756493f |
| SHA512 | 6f8afa82a518bba30822a8fe1d5be07037140ccec80e7f8a2d1a50f83c4a41c03ae79b9d433a67c7b3c8446f5768719065e175d305adea5b8fceda5cb134ec81 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 7c98f30d935213b607da009e4e1eaa3d |
| SHA1 | f1f21c137c5d30c142a66c3a515997053bf59346 |
| SHA256 | d3333aa645f2fc672df7e0386b9cbafed1ba96fe8602d4ee4057a199a7950dbf |
| SHA512 | 079ec76cd6a5a0b6f41a846741eeefc6d58aa038f04398452911c4fa4ca27eb52750695ee52d183d092874e7c736dd8e14f7af9031432cac76d2d45c1d54af70 |
C:\Users\Admin\Downloads\PolyRansom (1)\iggE.ico
| MD5 | 9af98ac11e0ef05c4c1b9f50e0764888 |
| SHA1 | 0b15f3f188a4d2e6daec528802f291805fad3f58 |
| SHA256 | c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62 |
| SHA512 | 35217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.exe
| MD5 | bb6bd898a2f572ce1bde77d02c9b457c |
| SHA1 | 571c11c54235a15677b8e85f403272c6a8070818 |
| SHA256 | b620396c59aa5c0bb442e68fda1e5c550d2a9e1269f4bd4fedfc7981dbefa3b1 |
| SHA512 | edf96c175a8e4f63aeb841278ff5c3863dd3b4785e31e5e14f07dbebf07eac7be2ac130bcb953371502853cb4e38c73c4db603dda9804c67caeb02cdc6e77750 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.exe
| MD5 | 449c5b74060940ef4d72bd6d4924f567 |
| SHA1 | 6ef0accb551a02d90e8df6f5737148a6b741061c |
| SHA256 | 0d5f0c825eec22f3562338486bcff8c6221bdb461f0465fb35ba49a9411c12ae |
| SHA512 | 30c90ea1946d35dcc488621d98dcfe10d91b27bdc392c34a788deab89582af0ad5c4db2f3908ce7d650aa38c0f5bd26a4284e4010fac8d82b870a683fa104869 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | 4d0ee81bbb0596e84cfd7f7083e4e96c |
| SHA1 | 2a034f0231bb9c5b9883913b7b64ac3999479e1e |
| SHA256 | fade75e891e88d54621ae1b0735d1e56e46d56616cca7cee76cb52389f59e2e5 |
| SHA512 | a5e690ddf88b19e887071331b0545dabc9bf6236908bdf914bddaba5768816f2b2570d7f10fbd2aba4576c1282a8116b831036b0b2d6d2f9d06d46dab5704ea7 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 775fe3826cee08d691c23b8840a1a2f4 |
| SHA1 | 2ced03dc6e6a22daf43e151fa2ee148d84ea4e05 |
| SHA256 | 756f1e1925dfb8f4666d4ee7cb785d548e81db42bc67e3430ff2091b54b3232e |
| SHA512 | 1fe5688f7f10c0ea6365555ac79604c53bf3d90dbce96127851b53c8eee160e78254dc0a679c5cd4bf93c22a5240e6fa90fc86b14216e2cfcbc76bf7002564c6 |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | 92d227cd940eb58dcd064ee450951d5b |
| SHA1 | f2b3ab3713c4eaf52c1ec5c553a3b5d5a6668664 |
| SHA256 | 9a6fb778bee407a8180a0a2855c00fe4efcd26facfbd72c2794b9f95b87d302e |
| SHA512 | 274e4b4cbbae561e73cb4c6b96e2845e74b4d26c1be6371ef01d91c5a6c38edd1b542eac74d5098be1f0a46a27c48d9d84830bbbc8172ef941f54cebbda5676e |
C:\Users\Admin\Downloads\PolyRansom (1)\GAEc.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 0033d59f423fb40429140372f1fe0612 |
| SHA1 | c741df2fe1a184667bed09259830c38c43c40d02 |
| SHA256 | 92fd849486245d670f0e90a8e46bfe061c2d4481cd5e6962af3270ae6ab44942 |
| SHA512 | 4b68c5c1474b5d26f5ec68dd0fcc3f96502993d5e8d4e2298e08db771753d74ace96dc5a32ec81e754041cab5e4bcf88a8202b931fad43fcac285c58f7be9317 |
C:\Users\Admin\Downloads\PolyRansom (1)\KYwA.exe
| MD5 | 04261059c5734dde6aa5380886fea50b |
| SHA1 | 15fb701bae5b4050b4506065f75176136bf20f7d |
| SHA256 | 43cf9b459b8781b00e9fc602b9d862ddab32b2a895788cecd533cd63ea9ebc8e |
| SHA512 | 02deb29716d399a619fe07ea53729a12ad88f70da0633d94cd73f7c5c3089eb7422b2191f1b2725170f95779d85894f7f9579d10c5a507bcf9b07c621414c3ec |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | ceeed89c1dfd34a160e61f5427992e2b |
| SHA1 | b1800ff2f4e11161c43ed8a077aa3ca65ec08fbb |
| SHA256 | f86f8a56fab2740a5a838875b78c491cf23f089dd2de9ac7b91ac3a4e1b07628 |
| SHA512 | 81d377cdd31e509015dde468423936ea4e540ccaadedbb6ae0706716d1139bac81499a64397f8b1cbac375a53b7d0079bb9a38ff77a9c9ca32d33a2fbfac80dd |
C:\Users\Admin\Downloads\PolyRansom (1)\KEQC.exe
| MD5 | 83b6f6a697ef6e09d1c361de5c03f398 |
| SHA1 | 809a11e44b2789ca3b0442e3859961b7218d4c92 |
| SHA256 | df00e277a8f834d29c3f24bad63455ce1d4712bd16cc1d0a6222d901ad54b65e |
| SHA512 | 46c2b2b8cd49563ddc01e8ee15587ebafdb73a72880f3f3ef3cb591f65ecdb99cc4ab7c15928049f02ef1efb2d0d24a233a77e679985f9da60ff158f931d7d84 |
C:\Users\Admin\Downloads\PolyRansom (1)\UAEo.exe
| MD5 | 8026b483adf374eabf520c891483bfd7 |
| SHA1 | 127c8245290025704ad072211391c1ccacf38f31 |
| SHA256 | 0be02bd95fb1e3fd110b46d2f6c685d8b4298ba9e8c644eec4ac52c5d2c8b2dc |
| SHA512 | 5dd76628a37e586f70c1592103c2ff933cbcdf0e0b08d3625835ae82824d865e60d2aa4f86c810229b940f6fa5bbf52dee7e30d2e932c5380855990cc8fe0ce9 |
C:\Users\Admin\Downloads\PolyRansom (1)\GEIU.exe
| MD5 | cb7cd06431f41acdac0f0f13c185d257 |
| SHA1 | 64c5e783251ea5f45b03c65b3066a9133785aa53 |
| SHA256 | 477d5e1a9118886f40cf9d27bef029b8c0669c9a8e7b128bb9b4ccd651964c37 |
| SHA512 | 30a7d91d0546ccc6dcbd4285a301e37c6212c5b7c062928c8dc92e291ff8c366ea50f1b1e153defe1db517f400eae9ccba1699b4a3805bb7d504ebca521936ee |
C:\Users\Admin\Downloads\PolyRansom (1)\soIO.exe
| MD5 | d5f1fe2844dd24bfcea3a8634aa3ce25 |
| SHA1 | 0d793f7e394102321a064bb56ff5eac2d98f8ba8 |
| SHA256 | 597c1defdffa9e0a8dae215736f827826b0a76903646ae47904ee5cdadefd1d9 |
| SHA512 | a6609c13519521efe017afbcd0d0328bf12e8e946b7bf66fe2e331ea5294e739a84a6a5e2ee34e47b766098588857563820e0a18f5d2603102696672501126a6 |
C:\Users\Admin\Downloads\PolyRansom (1)\CsUI.exe
| MD5 | 7c346dab68e2cd375ef398f9de1fc5a1 |
| SHA1 | b1edd068d527027e673293c2b9ea6804a3ad6580 |
| SHA256 | 635c3af3e60315789d548287a538e3c8d7795b6fdd390c08f8c6d7c90fe52643 |
| SHA512 | b9ea058eb69e389ac583b2771ba14782d629513a8de5ee86eb0706c767d7964a085207ac1496faa01587903bb93725e95b52a7ef1a8ce1cd96f9540304863db1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
| MD5 | 6e1a6c0082804aa47f6420c8b7f7b68a |
| SHA1 | 5573d5d4b6f1c382ea841430f6c1a809bdfe37ac |
| SHA256 | 1bf81b6c4a79e697a0f617cfe3ff47af987c07ba969c4f9e5b406735233d0a7c |
| SHA512 | 4314687e252b43e384b958fe60fbea265fe697fd93ca82965eb55e130b990713ce059af2755ed2f4c49a5d80b6b936322425be2f1d7d9ec0d789590926d86885 |
C:\Users\Admin\Downloads\PolyRansom (1)\gcQY.exe
| MD5 | f45b69f894eeba48524cedb604c0250d |
| SHA1 | b3ccbfd83a3a45acce87e49998585deb99e5809f |
| SHA256 | 207bdd787406e7be04fa5d781067044a9d2b76894a94d8f1f0e21fbb02494b0c |
| SHA512 | 1ee1e5db0b5cce6e2eef365f526e85df36d81263890fccb74b7837a6ea5a4bc337f066468430e65f1bad8b9f3a922581731ecce7dda73f5ad156e0ae103ff902 |
C:\Users\Admin\Downloads\PolyRansom (1)\egwU.exe
| MD5 | 76afbc2d988b5dfaf81f4fc6ccd7382e |
| SHA1 | 14a07e3a06426a88ba16e0dce0a16e7ab97d726a |
| SHA256 | 981f63e5c27eae1b155954b039ba05a5f85ee51e6d534aa14b5af9647dec40a7 |
| SHA512 | 4e8d1815b15ce1086ba1635caab6f46d7ae2b34b2587dd478e348b39aba854b87809102291f90b40662c6577fdc00214b89076afb814cb71b9adcf17c0330b6f |
C:\Users\Admin\Downloads\PolyRansom (1)\isgk.exe
| MD5 | 8a3a64a92b0ac51625006efa9a18c19c |
| SHA1 | 3fd23b770eb9a4c440f33312228823c7829be823 |
| SHA256 | 47d65f0e798124aa65a3113116b8a64d48a0090e1e0b9a4993f5e985705982bd |
| SHA512 | c6912a86c192c0d61bbfba7d9d4ee19271b359b4a5e219e1a7cbeb50fb38e9fb92837efa7a6ab3cbcdb3975eb1e323e084819af672d0540d01fc881749e5128d |
C:\Users\Admin\Downloads\PolyRansom (1)\yoYU.ico
| MD5 | 8ff64aadbcb8620bd821390e245fa0e6 |
| SHA1 | 4d03910751bff2987d165c7c43e52851ae064239 |
| SHA256 | 38d6a9052a4fa9fbd656388704522cb851247c32650c387c19b15cd28ff3b6fc |
| SHA512 | b5d4dc4bea4ca5c7238d875f2f934f5813b97100e364a16c4c6bc800e9a6df06a3075d7807d8ab42e551faa3f8a870b21abb61ae4816ef95f0e7163df5f62ecb |
C:\Users\Admin\Downloads\PolyRansom (1)\EwMc.exe
| MD5 | 4f6eb65d09dd404b69be448117bc7766 |
| SHA1 | 12e26e87b217e783fd809b0bc4760727ab03b177 |
| SHA256 | 013fd0968b39ab95eaa6f1b9bcad7be823fe759a7f82b76025be08dcb1a42cf8 |
| SHA512 | f507a9073cbc9aa3cca6833b886bd579412fe4d7578818b5657f5ba7f36d4f5f4fc9e24e2f8009ddccdc4178371b9b0efe70238f8a5e154783a338a3d293f16d |
C:\Users\Admin\Downloads\PolyRansom (1)\cEkG.exe
| MD5 | 832b4f74465174d31d2930801098d480 |
| SHA1 | 7debefae2d00471b718f5713c726f9062773c8f6 |
| SHA256 | 85c99ba63e461f1fbb1b28d8dafd372427f5e9a97fb159047ca339213ba25cb6 |
| SHA512 | f5ab8442532ea69a87aa1b4ef68311f8fe9a9529ae30d31c392ba2fef9551fb5040deb431dde40fb4174da629fe938011abc45772568f6fcac8d4d9fff6d845a |
C:\Users\Admin\Downloads\PolyRansom (1)\yMcc.exe
| MD5 | 6876bdb1028fc368b588e708d1ad60a5 |
| SHA1 | 86ae898300acc6c644195edf0f46c519309f9c3e |
| SHA256 | 62be3d2ba66f93624e8b6578dd227f1141b39181b3ab267778a77410c86428ca |
| SHA512 | 3a3019df3ad1049cd2cd0778cbf08744ced2e14571c4142e4c59befb9b7a7a74dad83b0413d9c4d4d3999d5041bd12e39f9b2ac87907fd49ece655a162c1dc23 |
C:\Users\Admin\Downloads\NoMoreRansom.zip.exe
| MD5 | 5a1a9754bfbaff6909f4c01aadab5c3b |
| SHA1 | 99ba23dfd3654f33e46730fe28e75618196891c0 |
| SHA256 | acdaa6a06dc0cbbcf31755b54356babfadda9b5cb3c1d56a7e73fe71e703f1bb |
| SHA512 | a6881a8fefc3d5a5134ab931264515dd947325216b2ff1e2e4775dfe6e3883afd84f0a5d5c169016a23eb1c2f83b625d622df008d236ab93c073ed046b824896 |
C:\Users\Admin\Downloads\PolyRansom (1)\cMwY.exe
| MD5 | 28dbb9b4a89fd0eac67694122dacbdeb |
| SHA1 | aff87004e229e64aab29479948a29c778de75d64 |
| SHA256 | 8bed3944d629e992bc2d40f4308a24d23c45eebee3d20a7752e445f886243d19 |
| SHA512 | c7784e0966cae4739a60b8ec65f87de1ca69da6b97a31c4befce2bb9fa51a6f8e52e0bb20deb765182f9ba0453ae63e5c217e96d5ce6d41c77153ad5d9529e81 |
C:\Users\Admin\Downloads\PolyRansom (1)\UkcQ.ico
| MD5 | 7de70c5f9fde94ce0179324aa5720a58 |
| SHA1 | b34c69a980c52938d5b4377376adf15fad17dce6 |
| SHA256 | 955ad377b15d14e80d8eb194375f26e0e9e339b1cfc1e4047e16ae0e0f90fe24 |
| SHA512 | 0b5b089bb8ae1a97e4a882f7e35c7295cb81127f0915379676590a2af296012782192381e2bf3d010f0a1c693e2eaaa2f083fd8fdd7c3191a8537b4553676ef1 |
C:\Users\Admin\Downloads\PolyRansom (1)\mkcm.exe
| MD5 | b42747fa7b027b80305fa069f6cd9ae0 |
| SHA1 | 299b34593161e777671a17ad2af5b6baf6467f56 |
| SHA256 | c8f4cf15bf1b64570b96d654c3ee9ae6c1736d32df855ae341de772b28264db8 |
| SHA512 | 066d0e0634d978e8844c3f67355aa503367be21a7907337f21ed44245dea18a7253d5bcccffc0a035c3f622edabe9ca384d78a53b91d40c3da06b62d9040b408 |
C:\Users\Admin\Music\@[email protected]
| MD5 | 76d789c86a9c9cd3cb8ca11c46bc14dd |
| SHA1 | c156b9e79bb551ab3a6b424ef61cbd3ca277ba66 |
| SHA256 | dc5d8035290366314fef753b3abbf80e4ece1b79370a1983ee8f74fb7df60ec9 |
| SHA512 | 7024e8effbb6141cc325a87907815cb027d13b89728f6a32c7309bd646261d76adfb99e77c161bb008af7bfb3b083849ca154cdd486d95674fbdcfdb6359ea27 |
C:\Users\Admin\Downloads\PolyRansom (1)\Qokc.exe
| MD5 | c0ae0c224a1385d94b74160239fb28e9 |
| SHA1 | c26601bb6fc1d9adf2eb396b9e60cceba10e9af2 |
| SHA256 | 5820239156f9add161b43f6e4b83cbedda08acd9667ba138acd811e37feb8730 |
| SHA512 | 0e1cad25752c467c63f770b4cc934db8ec20f575c7e43007133a50ec56596808f32d62af841f9778f7a2592d4559fc093fe11f9e5e8d8f14e1a6f56cabd0a2f0 |
C:\Users\Admin\Downloads\PolyRansom (1)\eogu.exe
| MD5 | d2c87789818cf654bc499c962f1ef62b |
| SHA1 | 9d9071d2bf1f3c1e564831eccb5b1d3531540127 |
| SHA256 | ee8ab6cc181e05164e056ae9c5ad99c7608da3bdb29b7f2ef3ae3438e32974cb |
| SHA512 | 8c5095d108474de544a60a9f199a4033059a41476e2d30b9bfb9305fbb4643fa22eef0915a1bd4359a0c3ed3ac3336bb2b4c04f6c6046f337c43e44531fd6582 |
C:\Users\Admin\Downloads\PolyRansom (1)\gMgQ.exe
| MD5 | 7dc66ec8f8dabfd2865d8e3a63e439ba |
| SHA1 | 06a7a6fbf288736bb795ebab3ba30cca4feffdda |
| SHA256 | 6560f21d1df7728cc0721fcdf4086d1bf249f6f2f3bf172e23bd70de18cb46ed |
| SHA512 | 29953a3b140f98f24e4931817f1e0b4ef07cd0f6ee58bac15675c59c0c4bf50d746ca85da408baae8f709f795251f1b01f8b9755a3ed6afa12862d08cb62b6eb |
C:\Users\Admin\Downloads\PolyRansom (1)\mIcE.exe
| MD5 | 2951e84083e941f1a853129f3ee090b7 |
| SHA1 | 7fb6448102e2a91d03e13337a77981451af1ffb7 |
| SHA256 | 410a7d48d788fb4bf04731b5955b2f048978c98709cd824f8077449411e1ef48 |
| SHA512 | 046d4b13208ef41defaa8e6b4363036bea31362e8a35ba845ce1e5cb346e5f71960a1d6d1c166b8f579313f88b0837b6f6e82a967fff5d13d68b98ce53bab17b |
C:\Users\Admin\Downloads\PolyRansom (1)\GAMo.exe
| MD5 | 5406756b2a6e935101f20ae2a874f171 |
| SHA1 | 26227678cc1a42d3906ec0fde40bf74efdb5dd79 |
| SHA256 | 67639da6e6d0e3e67deb42a13ef4fe7ee41001fb3b367da5dd32c1195ddf6df6 |
| SHA512 | 0a1b6df38c06a8d5c285659a325d5edff0e6ac8998a96b8fbe1a8e216407260b4405a7c6c9ab93e506e811ffd0b3b5e93dad38a588f4f85b766cbf6966523d5e |
C:\Users\Admin\Downloads\PolyRansom (1)\AccW.exe
| MD5 | 552336fbebe3960fb1bdf25c0e647989 |
| SHA1 | 581460870863412fcd1e30e8411dc89d2458da29 |
| SHA256 | 8847bc6e735ae3ed566f2a24a996f5f34995bd7f02258c8cb5ac3928a5209677 |
| SHA512 | c30b706ef685a648a3a8f7d6166e540424739cd89acc21a390a55877538be62d79f190de1e84e312c39f2204aac7fe25d8be72a8ed7338f4f4a242828404c4f3 |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.exe
| MD5 | 2d456afb17b2b43f7971482f05399dd3 |
| SHA1 | 00fdd3ca800e14c44ffd12c5779d5b24c5cc1729 |
| SHA256 | f86cd41922549c293d8577e0259758c42e1adde19d04f1b36859322fb6579872 |
| SHA512 | e32302f4c6791026cc7ed69ff7239ba6425bb0ffc226bd8c0feabbbe8cccc2b7ad3e8d9f6c5a22fdbd3b7c84dc308ba1c78d1a082289ecf27ac81db1cbe20d7c |
C:\Users\Admin\Downloads\PolyRansom (1)\WYAU.exe
| MD5 | 5098b74edd38ff11acc7eee8728cacf3 |
| SHA1 | 1592d7d6438079bad6c01918c5ff2fef06b1d8ad |
| SHA256 | a2f7ac0441ef9a6b4cea1bf5872f10cae28130cf007c8a0bd9cfd3a83359aebd |
| SHA512 | ee905e66c19efac5a8eb59b86d0f7872065fd3b67bd85533063fc31602d65f4f0933cab15a7836627c53e06b26c3c69730707e767e8afbfb8a0e8dbb780eb50b |
C:\Users\Admin\Downloads\PolyRansom (1)\ioAW.exe
| MD5 | fd48fd06c5960a8200d1977d06720c05 |
| SHA1 | 78518750280f23306f092b45022bf752b9c36a0a |
| SHA256 | fa83ffdafcb8727c0841d4391801a4fbf4c729ef424349984ef8f8f8e1a6a730 |
| SHA512 | b7acde7c10126a19eccfcfad4a27aee99202892c6ceeeb89a06f979afd5d555a9ed45fc9d71645a39687f3b2258ae2501e86fd9b4103f7cc77118862de11bcc7 |
C:\Users\Admin\Downloads\PolyRansom (1)\iwwy.ico
| MD5 | d4d5866fa12a7d7aeb990ba5eae60cb1 |
| SHA1 | a1fdfc36c9500844fe0c4554fd60cc95808bb9a8 |
| SHA256 | 5388384511211df8aa81844cff67add9646c8196456f34bb388c2bceecf5f2b4 |
| SHA512 | 7e8537da4047e751e3613bd089014d6ba3f4418a6d8f71c2cfdde146c0ef83895e74417ef19c30a63adc1d38fe0c1f8fdee3f2eb5bb0146e5043f06c73dba06d |
C:\Users\Public\Desktop\@[email protected]
| MD5 | 0a01a85b1aee131f9a33ddb30bcf31bf |
| SHA1 | cf0137b65d89264212f20c9048c8e96129072f4d |
| SHA256 | ea53d7d529e41c39e1e37bb9f3154aac87ce11df242b2c5732dbe9395829f344 |
| SHA512 | 04815ddef1858449f25d6e955fdb26d9ca0bdd09f35684b41b889cace51cabe8cd098107eadffa61624db08013185af2f050166ebec1e385e0a9481ef8b552ad |
C:\Users\Admin\Downloads\PolyRansom (1)\UoQE.exe
| MD5 | 07302a366dbd59bd715e875369fdfd4e |
| SHA1 | 714dc062f5b7856c5a99758c89bbaebc6f2e6c7b |
| SHA256 | 76098953feca0c0c1c89ddd705b9cdd1a97c75fa99d62566ede7da85ec04ec04 |
| SHA512 | c6fb33676428112868dc3f0801442a56ef09105ee70de0079679225a0b5b8572115ad9ab64db88ca7f3809d17ea269e80233d7fb1e9a569a29782e3b2f38e56e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b0ddf7c0efb1c4b15aef1843022277e2 |
| SHA1 | 5034aac3b7a0f44ce7952479e37e2f32c6c3d07a |
| SHA256 | a0bd207e4d12a9cdec5a559b9984d2ecfc67454d56e3a554ae1a300d7a98a699 |
| SHA512 | 493c421f45ccc1bd136ac3daf8df51ba028ca9adfe71fd6953358b1c5a2eb80a8165e122a2696d8c63359b820e4117aed43cc38c3b919a22e6fdee22f507c72a |
memory/3600-3347-0x0000000000400000-0x000000000051A000-memory.dmp
memory/3600-3348-0x0000000000400000-0x000000000051A000-memory.dmp
memory/1464-3400-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1464-3401-0x0000000000400000-0x0000000000454000-memory.dmp
memory/4664-3410-0x0000000000400000-0x000000000051A000-memory.dmp
memory/4664-3411-0x0000000000400000-0x000000000051A000-memory.dmp
memory/1728-3423-0x0000000000400000-0x000000000051A000-memory.dmp
memory/1728-3424-0x0000000000400000-0x000000000051A000-memory.dmp
memory/2032-3487-0x0000000000400000-0x000000000042F000-memory.dmp
memory/4556-3494-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d9dcce4149abca59432021f09ee703ea |
| SHA1 | 70db997509ee465d9195587da512ce0e45ac7c2e |
| SHA256 | 4ec3307c6eb6ae4b0084797840dfb48be1d0ace274229231267987e1acd0ce9a |
| SHA512 | 9f65532fde10ba132dba4cf47b76dad25d835d43aa7eccb966cf58ac923aacf7e30b10262b9f84efac25c7f4a099855a2b04a087b9746cefa216ece6322f042e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f3e03a50fb983dd3e62f8933d1a58304 |
| SHA1 | 1f52de04bdc17dcbc062c02e5529f519ed8a05bd |
| SHA256 | 292c5b2ef52bce5c369b697106561c524403f6cc8beb7a212a0de82acc73b602 |
| SHA512 | 5fe4bb9962243c2bd4d0fdf29befca4f7bbd07ac9b7233ac3e746fee9157efcc59b693cef5b382d61885f2f4fac42b700fa2b02fdc3cdd6f2cdff1303fdf1429 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 34c1e8a56c1914f891dfa5f4e652154d |
| SHA1 | ef59bd48a6a0e8ecd65c1c6d2f3ccf02954d6aa7 |
| SHA256 | a176024bb74e413012ed50df75a26f5f427567085d66a9327ac9e1300f1fc221 |
| SHA512 | 5151c9f85f5ffd461a80467204b58a729be414a4b6e1cb3eb4f09f8c499b5087b233bfb7016e3bed3882b2d7d9d21bbfd271b34b910cff88282d8a388d089059 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | a074f116c725add93a8a828fbdbbd56c |
| SHA1 | 88ca00a085140baeae0fd3072635afe3f841d88f |
| SHA256 | 4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6 |
| SHA512 | 43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | a7ee007fb008c17e73216d0d69e254e8 |
| SHA1 | 160d970e6a8271b0907c50268146a28b5918c05e |
| SHA256 | 414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346 |
| SHA512 | 669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 9f8f80ca4d9435d66dd761fbb0753642 |
| SHA1 | 5f187d02303fd9044b9e7c74e0c02fe8e6a646b7 |
| SHA256 | ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359 |
| SHA512 | 9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 31d7679801ec0e166e96b7e57df57fa0 |
| SHA1 | bec4447108edfcbbf3383edcbe3205ea109420eb |
| SHA256 | 1e9da763cdb0261f6043e9b81a0efa6ead6b1392da353458b183ece31cd70795 |
| SHA512 | 31923f6ce3b4868a9929258db79a2373546a1710e159202fcb961c039c8335aab74b43fffc18f3d5f2262aa5ff970dcc19e638aaf3a796ef08a7a514704dca0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | d9b427d32109a7367b92e57dae471874 |
| SHA1 | ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39 |
| SHA256 | 9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3 |
| SHA512 | dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | cf604c923aae437f0acb62820b25d0fd |
| SHA1 | 84db753fe8494a397246ccd18b3bb47a6830bc98 |
| SHA256 | e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4 |
| SHA512 | 754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | c3bd38af3c74a1efb0a240bf69a7c700 |
| SHA1 | 7e4b80264179518c362bef5aa3d3a0eab00edccd |
| SHA256 | 1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8 |
| SHA512 | 41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 95064ed0e7b61c9aeef3f76a36732de3 |
| SHA1 | b434997e9cab2a425504b383b64097a4490f1ca8 |
| SHA256 | 50381293e4fe892434716bb183f8cc5bae3b08c1d9482c70c357f4d67de4458a |
| SHA512 | 1e4c0588e7a2b34b1b5850d30e98388f231eb1681cfcdfc90f9de81f3f4d73ce0a4b99b727155dbd9d59a9d33ee26832d34e91db8e7b02708dcafbd43061187b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 111463cbef23646511680f07b1ade1fe |
| SHA1 | d50f5d64d66735f2c98a2a74a0e131af27b27625 |
| SHA256 | 4022db65dd127cb227028ac0921dd0ed0f5b4864d5d6585d328a7161520f8543 |
| SHA512 | 2e5340b76d00b1e075672f47634421a3c04554d6679c7a694eb51a854417e7df08e2e8a449bb44b307b66ef457f07e21ad63573cfe25b27f62236a2ee7bcf2d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 65bfe164b94004992f64c8da9d280fee |
| SHA1 | ddb2363be15889b592477c67b1179f8a9bbe2dfc |
| SHA256 | b89cccc18ac0351be6e013d867d95e795dd71e8f90bb73012c41a2a9e541b3db |
| SHA512 | f7b5bb48e4a519b0b9c9c9d2b68ad5120a6e2306e7126bc966d7fb45f592467a1a9b38847a26c46923671c4b8ef3c3a88343d24e6209c4f734b01a23ba8449cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 77536903559e85b884916be76b081884 |
| SHA1 | ebb26a267a007f43b573e702ba9ab7d0c679224a |
| SHA256 | 095323caf0629022dea33bd46733fb4eb9397613bcac3a08fba5221dca0cbc75 |
| SHA512 | ebf8ac60f3f02407488894b8b52db06024390031a61700bbdbcd30d3608e9cc229f65e2168e1f25fea752f7acd65a08b824d6d3cd931af40e7c8399b610aaa46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 175914fa782ca5a59b7ae5780c9b3413 |
| SHA1 | b1f095620e3714bdd5604444c3fad079075a2665 |
| SHA256 | 340b9d7eab66a574e832453da6bf42bceb2a7bd41ffd725f39ac81725d71c2c2 |
| SHA512 | 6be358d6faba32412e81a58f1b6c57b387476406966864343620a6d73581ad0e19245779f296cec4ea8ed6d75271df4a5032e1ac9ccf67496a4d22eb6b9bfca8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | dc9c2df216853c814bb8a15c68db5db4 |
| SHA1 | c9b99aa1970a2d648be3f352d52d4c5c20f63f67 |
| SHA256 | 5a0d323ba823a918398c75e5bd7b3ddadb97cdfcfc82be626105194c07d8a02f |
| SHA512 | 3d56cd7eeb7c1d50260eddff9ce2b62ceeae1598bc5c047a5d842f0ac93642f6c8186f1e1aa22412ec269b2ac7928716d8d4198a4dd97db7ac4c691e4424941c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ec20fd13c6287e78f6c42e0bb93f2c91 |
| SHA1 | 870c04c3fcb6a6051676de84cdf899b6a05e6116 |
| SHA256 | afa84048b8ec2022b76cb1e70adba469acaa0b5490fa57d49c01da8dc3fe6032 |
| SHA512 | 193d269bd8de92b021da7022660bf2a9b89cd9e0971cfec94f1d75ad1318155659e2c44b5453685d60ac5b4623dec40840f326868e04d7f85bc8c8e2df420e0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bed0dead017d0e374a7235147d83f649 |
| SHA1 | 63fd9361a670ab172f0ec75656125521a2538dc2 |
| SHA256 | 2ab8c6550537380cc7279c07cb372bd8139ec0b9f4cac4400262b6ce85935a49 |
| SHA512 | f0df64be6bd25676ab97bca91b8eb5df83b32a3e1b4d7e6f1dc163f2c7367e132a374ce0ff893a0f7c3983e26744675f712d3408d28209755d4270fd56068d0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | c0c52a527183bb101101bcf2cf04072d |
| SHA1 | 8f69ba9fd53159eec0252347f14826db560f0627 |
| SHA256 | 2c6c5380a4e66f59c8958b9fe681e3b7b1a0dc1e63c77a56d71c7ae7175cf19c |
| SHA512 | b2a944538c5bba24798155f0cfd401a6298e1a3f24957024dbb5c1340a4a2618ce8ce5772167d61d5a95724eecc3ff88a2d69b5c575caf736482e438f9935190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | a77d6af96572edc92d069f23a496a6ba |
| SHA1 | c9bcbc506af9e5166d1c6ce1c1e67db6244f698f |
| SHA256 | 43150b44348532ec40ec57c58897bd8fd53d35ff39e241763c911a77d13c3a72 |
| SHA512 | a27f796a30af998a1bf06a6d2e0d74d5320831c35eb6817eb9c52fef8421ec995e807c4873fd780d50a5cd33dbc5b8e01bbe66f23a663ea7885adb1de9ef98f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | 48d2860dd3168b6f06a4f27c6791bcaa |
| SHA1 | f5f803efed91cd45a36c3d6acdffaaf0e863bf8c |
| SHA256 | 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77 |
| SHA512 | 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5048cadc4ae67430a9faa4df62328d4c |
| SHA1 | 0b00a508453aaa1c20d0a953f43b3c3537398c2f |
| SHA256 | b561b4e168854fcc6afb7b4bb6a95000964bba38e9c644091f970dea4860f4dc |
| SHA512 | 9dc76cfd612afece294d7692820912b4ffed073b43f6e5d51aa22889457ad904a5c179e144a4d15afd9fa58000b1d635d94e0251d31034b05b2fba1c86f42743 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc6e00d73a84ed2e4ca7915d80f341be |
| SHA1 | 302d0ba8c18c781609f272c456d5d1aa1ee1b81f |
| SHA256 | 018498153362ba81bbb94db92f47c34ec428a3353ac6bdc1061edc08e1eb43b7 |
| SHA512 | f7ef4f563c435339a4c5aede21673c6a556c6cea3583084f5ed33f1c08e96ceb16c02ae2f7dbed2f9fcb00f3b30f47dcd3b7e3115a50c6434675ee12dfb3ad95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 223b0f39231e1e3ac92fc89f84fa44ce |
| SHA1 | 2d25aed8105c2aa3f84e499b1aafd4762eb64813 |
| SHA256 | a0850e349ad99c4c2b4c6e37cf93d7c79ab24da1deec2e32d89c4e1253df8656 |
| SHA512 | bfe52ea8f32287efb598689526381c5595c342d4f8dc3c6b8f3d11b530a625250c9b351c318bab521e77a3ca5a903caedfde2c995861d82fa688bd737845a946 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aaa5d17f63327983d7740b990daae5bf |
| SHA1 | be88f0ec29493a650ea54f36c171c61afed350e5 |
| SHA256 | 46caf68b7f8f23c94d336ee9ad8288c70ea1009abd497a89b6d52b656f7d99b2 |
| SHA512 | 98d20922542b29feec7e766c305cc56a55d7743919fda29046f74deb314fc1ddc6d349dc0bae825d511cfd5d9776a309234670ad4ca21d59f9d6155035b59b66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8c9e4e273615c710a23bd8acd374b2cc |
| SHA1 | 7f55a776ea8c8bf98033b092c4ed3336562285ad |
| SHA256 | 3b19fd78e8e10f7babc2c8b3e21ca749cba8fdf9c43032a44d2d1029f844a116 |
| SHA512 | d942a2054a3bfa0ee49e026433e85d95aa0ad6914be8e504fff9945a829d754aa1d7b62442ece4c75b65ac3126c0fc72d581091dfebec6481b61b45f97b05614 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 45651aeb5ae6f880f030ecba72ed677e |
| SHA1 | efe3800b18f37cf946888abc0cedbbc341509124 |
| SHA256 | ead23001f23db591b0b41d94fae241532152f8ec18c71a7a754dfef5bfe94e2c |
| SHA512 | fe4ccb0e43521f0907e245f90bbb66725279c6f6066c35aefc755d809371c3201822f7acbb43288178e61a6c46b06324869f69c55ca544be5a1efff50efe3991 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9895e4769e1a19ba4899679f1629772b |
| SHA1 | c2bef4cbfef286c7f4a7aaefb58fe536e6e4bc18 |
| SHA256 | 0784e85b2981d2913969f0ea0a45b2654a7917b85110746882e4340466576609 |
| SHA512 | c7fd2db1b76c7db3b54827b18c71005619739bd1cfa7838a2272fd3404a32eeedc4b571a6acfd94ae522d7aed0b1f1f5bd64d64386098b4617876daaedcfc2ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bbca2d10d7084c485893e53d9cc92dc3 |
| SHA1 | 1908d33fc1e6d3a9b2473b7e922a3691b561e1f6 |
| SHA256 | 5d7aae139b301e2207e9cbade706946f19dc4f98976f959fbcb356859050fe91 |
| SHA512 | f44c08f55849e805e327d3873395f9d404e7f12b487b59442655ef236207e0abd21320e93a1dc629029fed69a1ac040b4a68005782984160df85ffb214294905 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9af507866fb23dace6259791c377531f |
| SHA1 | 5a5914fc48341ac112bfcd71b946fc0b2619f933 |
| SHA256 | 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f |
| SHA512 | c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61cb5c0f687c2462ef2f10854adc3cd7 |
| SHA1 | eff02c7ccf2bbd2f6862d2a7e2c48d811799e525 |
| SHA256 | 9833a806dedd428e7daf76b9fb406fdf14891309acd986bc27c0d6535b9140e0 |
| SHA512 | 65a719a2634861721701731f67e3679df706dd0089f640e81203095fdbdf86f376c4d91c7149c6a84188a4fa2cff894efe3e710f236a2acb7d5bb205a40879e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f0b4464a19e6a475532f6804c0614c3c |
| SHA1 | dcd70fe7a424da494bcbd3c73e69cc6fa38824f4 |
| SHA256 | 0e76c425c5e94b9579cea37a5e02c5dc48ce1475c0b441a7093f3c251bd4ce95 |
| SHA512 | cee9f85efba412ef8f021507ba0baa04ae2d4862efb23f32bed47d39b1e958f2f7f224367b7bd3a8a41fc00be2307fa63a3b3a9ddf95976c778f4d30a03777a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e709e63215f05ed4a3f9a89ee7120313 |
| SHA1 | 0de4b155445b1e0cbe13615d59d1187d9a2ed33f |
| SHA256 | c21631c4deb9dcd08eb6c274371a0212c4407349e69ae3968af695cce383944a |
| SHA512 | 07adcaff7a8a29ab1dccfa044c2c12558ae8a803535a96e8c4622b2ca1534dd0616cebbec9d29be6ff3cba4090723c1c7d3bef58db593f57abe20f88253a3aec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1f446c16eaf109d54e783c32261b5cec |
| SHA1 | 7c29a58ff65156adce01e6d749ebe1b3b1bf05c6 |
| SHA256 | 51ffda4712b65606b2bf92bc4e088010e3432d0ba650e5ad021be270be7c1edf |
| SHA512 | 1845e7013dda73a50091002e428b3a24d090850922fc2c6021937a9a8b12bc45f6891d22dfc510a9e3a4179d1d09abf588e34d1b7e28c048de25a384fc8b6d83 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | fa7689400f16f032ed4f7fbb69a55eb3 |
| SHA1 | 12d4bddc086983c08f6e6531802b728cc9bdc9eb |
| SHA256 | 0d9b9bf83a5cb46b2f3a7674b6d652c2de68a5277253f6a809f46c32ebe58485 |
| SHA512 | f191efcfb61935d10a3425a2e74a16bc6e9edd1e3436f5773833881636012dcfb93529e6af29d3f0dddcb8621d2e00cb6d3bed8648ca3ff9231a29e1bc34fe63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2835553d9dd6313dc192b8282ad34bab |
| SHA1 | 335c26ca41dca3a75bd8bebd2da697774b6b640a |
| SHA256 | 125c3841f88a45b67a8190aa86f570ae7def6e9875d4b0446d1b5477c3137f51 |
| SHA512 | 5fd554c073e38fa58387ec960444f735ce75595a1181e8f14993f71c08f8dc22a2c1ceb6dd8b4fb461490d6e006ce6a907049edd11624cfcfec15b5f7ecd5baa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c2ccdb859ebdb2dddeb3de1bf430a226 |
| SHA1 | 15ad314e8b8872f226823a78d00077d6c7bf69e5 |
| SHA256 | 9e8769923d69843e9eaf61f8fa7cc66185f105b1cd9df75c4fba63c04dadaff0 |
| SHA512 | 56ae45368807c4b2d2e0918957d8c8f082b3f3e869c66eea2e0c08e27a8c8cde05774768ae3f47cff03b239f4d358386efebccd7fab7aeffd3f225e3ae9d1d5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b39d1248f7126fa8e8a8d49c62cb21c7 |
| SHA1 | 12b411e39ae722e247af9d5b118283cbb643ca32 |
| SHA256 | 230831b2f9a41a3ab32915032a7b03e38c1e085f6a4f1c21255f038a5f7c6cfd |
| SHA512 | 1b041a1c04c99562f403613bf27048f3bb5c8e5ae458264a624b9345afe1b978f46f3e41982f07e7d893eb90a179fb9b61dec9cc696db61abe66671b20cdaa80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5ff54fce4d77d0d6ac4781d8f467a103 |
| SHA1 | 3f2e00b5960de98e6d5d6515fcf036578fa11e03 |
| SHA256 | d5a6ee723baa2da2ad3602eef56f50cf0217cc192cf9c9062423f42e3684d2ef |
| SHA512 | 3e83c9e2df67169a283cd386b679dbfbfb4d14f609c7673858a372c043afd8e377a0f543755772c0fe567f2eb25318e883552f5fb5d212c3b7653f0a9d6fe94a |
C:\Users\Admin\lUsEwwwY\SEIwAsoo.inf
| MD5 | 5f54ac758b0d06d823ab2feb4a6edd63 |
| SHA1 | 2fdd7b0553e391229d1b58c308a5754475d58e95 |
| SHA256 | 89c3e8d520d38d30190355abafe8d172a577655c592a741f5f2cda65e17ce44f |
| SHA512 | 09e1ecda129fc272fe66305580c5b78a3e0e83a22d0777aee925ebc5bef69983f6dd89c0536fc9598f5c58a0320e6e229682082d2faaeefe2836daf62aab3437 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | f21560e7f2d4922b269507db7d484556 |
| SHA1 | a65ac90c4295e94a2332dda625cf6e4b613fb6df |
| SHA256 | 55242c13ed8f22ee874ee07d5ee91271d97dcdf9f4237207570f7354ada50e6e |
| SHA512 | 279a3576c82e6c029c29a5c2250e5a8aba192a062e0a0e5664016a19dc3289fce971ec4674ec950d4adcf71b25e94f0caa927fddabb3f628b7718aacabf1ed97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 952d2e1002b0ca83afe9192300c0412a |
| SHA1 | e8623c0ffa83d6218fa87b5bbf7e9fd0327dbe8f |
| SHA256 | 091e3ffa0d1232df4c4bd71501b8bc6220645c8bc074db367e87d5c0cb35f201 |
| SHA512 | d527dfa33a1d310dfb48427c785ab4db24983f216102c828e5d3534220b507be326b45bf089704d3b750677e6eeceba6d69c7a7be5ea8086446e69731a7c6214 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 376288327737c1bb587ac6719b419322 |
| SHA1 | d88f41bfa8e1fa421d07c4338dd93c9c8d8ba619 |
| SHA256 | 2985edd78b7179f5bff16415823697a111469b7ffd380a7ac92235d3333af380 |
| SHA512 | 0b159f2832cfea016de65f215e50a1bb2731a2e4dda2205bd13a058797c743ef9e22e7588f79be1198786924dd362d0dfb04f17ddca46e5f6df06c1e3aacec4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc0d876d82e898ee46972fbb645e25bb |
| SHA1 | 34d191a10aefd067cfe98a906ff0bbbf8f7dc49e |
| SHA256 | c7138cb3fdde5041d923856cdf8d17dc3096081f326f4afa00c6847d821d06fe |
| SHA512 | 90daeab39c37356e416fce7a99188461650d08e7321598219bcfa61e099dc023e0be5c36c0817e096ebbb9618bbf6c91e6f3a194d7e9e1790f4fc1d015f19d60 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 0265834e86e7457ab622cf5657d5171b |
| SHA1 | 977dc9906a225316977fcb47c4786b013d9cbe69 |
| SHA256 | 0614393c694a52f0ee12bd9dff9fcfa5a422b4197f96604e7eebed8ccdea22bc |
| SHA512 | 5d4228e44acbe16e6d00f82842e3f3fa408c247fba8accd7ad940b578bfb88ca8a1a5ca155ee680e054d70d8a74fd0136b1b7ee484ae0413400a8d33c81c9ce2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | dc21be03d721baaeb7238dd50dad336c |
| SHA1 | 97abff0860b1e0346247121fb824bcbf7c07f2da |
| SHA256 | 5ea758497aa3e6c76578fb6408a78a2fb76b52e471890d64b33f69c8e3ec9b39 |
| SHA512 | 44297706fe9f74c36d5b6c0035f9c6f81fcd878afec9606777d53704f6a3635be31c06d5d0ad074ba6a226e07e5303d0ca6abb1c526a128bf73b8ec643a3e31e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 782ba3fa47cabb0bccaf5934349ae7f8 |
| SHA1 | 073c3b1c06093c61bb83453001d24b9814804a7d |
| SHA256 | e9f9bae563ff8b9d996055b2febcc7b0748c74090ab1994fb683e4a7a9997610 |
| SHA512 | d0fdeaba112a2ab5767d7271925f73e4c956712687da6ee829ec86ddc0fb586de4673ad665e3599c38f064de07cb25288fe24c7181594ba3d4b7d3e936cd5dbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1c720b3344f023064175c17bef902016 |
| SHA1 | cae55a9b6813e3c6dbd740a4c67f23033654deab |
| SHA256 | 34cd85ac74d793c9946874226baec8473edf14ada88b2b8a2d6a32a3474b7ffb |
| SHA512 | eec2b53c0e34f3bafe68ca70a9b2e74e8fc6a612616cfc78b77a34be157bd9aaa26ca16f51f3053bb5e608394de3ec22795762b3114df1f4fbe10d26b0e27333 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ead2b79b4172b91666dcf867e846f60a |
| SHA1 | 38323b8e0d96c7e3b75f75273965235791ed28c0 |
| SHA256 | e881640da97be5eba0f5542a8b4ed9fdb383db2ad45eef3fc5a8acbe039b5607 |
| SHA512 | af8f4e784cb727f796397b97ac4fcb737b6d8e3d04bd5e50f81354ade4c9df59daa8a7ab69109f117aa1032fafd9d5c8fc8273976d081fc4a52a084788762935 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
| MD5 | 5cf2ed5f28e505578f2582771c1e3562 |
| SHA1 | 01a9a67058fce3970cc14e971eaa7b1d66e5443f |
| SHA256 | 3e44ad1980ce2803d764d5ad58a4c3baab859987d5e2d3a4ca23fd80267d9a0f |
| SHA512 | 35d1d73e7a48986edad7220f5483491a26df36299f0fecdb158c973caf7de6738f611a831bd6002568c3409901452911495bc75df769e71d04ec97d59e3a6280 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | c055d6bcb7cb640016f2282a37f39c02 |
| SHA1 | 907c95f41a3d27f5514bd7bfb40e54156f8acab4 |
| SHA256 | f4c764effda98ecb0c763ba3de15fbb230025da024e2c22f6489dc9dd28d2e32 |
| SHA512 | cf432e4da64aa694941303680a9a2dd499e7b125fb939644ec1ea7c5d2b7f2cd9e1e01729a8ded3a84e9020033a13f8da13e98aca4be0a753d9f87f5dd6accab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
| MD5 | 968b569c24eedee6448569ad047b12db |
| SHA1 | 01bb084d0eec7cdc750927f169434bb856bc7910 |
| SHA256 | ac9dbf6f78a56c21c2622917310ccd3efe936389c0c3ab8d819993e615f31c05 |
| SHA512 | af800cf77aca4fb0c7c4fdd87f236c556816b11d6fbfd22d228e6c7a713ba2e443baf5dcc45bd5bb2dfa12140e2a3f8a9ff4ee405732fd24827a7953ba29d0d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d37cb16ef5eb861d_0
| MD5 | 8615d5da97fad3594e13736567c7171b |
| SHA1 | 18cfe81e9a88698fb7f16aeb1d0a84085a2d579d |
| SHA256 | f9df2a3a069f59240a9697c846f142e737fddd01c3dbcabb31179812c16fc70f |
| SHA512 | 7b1f55c883acfd9f2fc7935ba52af2e5eca3e5401fe29191d2b392f0430b0f917cdbdd97766effdbd05d4809a48ccda945e2523b7604dd22e950312b2ca8781e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\168251be7271d371_0
| MD5 | b91c52bafb142ab1feb114c3f1a4c2fd |
| SHA1 | 580f177964e3757ba1b340bf44b448426ff1fab8 |
| SHA256 | 7a15100bffe7ee2cdd224674b87963cf8c9c62a328f17ee0be784253b0dbcf3b |
| SHA512 | d34f94deb4a548952933fd4ce128f236f2e75f14e2af3353bed5a7dce362e05780176dddf693a08057f8312e9751cdaabc0c62355b13756796eb8d155bd508e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0
| MD5 | ad029aba5b383483ee16a27873333cfe |
| SHA1 | 6b7b0bf4400fdd706665c9e036971f6d3dad96e6 |
| SHA256 | 9b1976a21491d14d2fb47dcfdc57b3cbc4cb961d4d22e3eac92f197860687079 |
| SHA512 | 942d853a16b006fb893216625d8e3d48ba4dc90b9270e9d5fcd2f300e4e2bcb10d4431fee9817200a1e8a516393203ef04d01c82171123bf4c1ec67ca976ea53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0
| MD5 | 3cd713faad827a11a8d05166e5550533 |
| SHA1 | b3dd7a2bb57a2ac5bf51651199e9b0271b6fdd8f |
| SHA256 | f078ae7f00868eeb29bbd3f7e5f00cfa94922eb833ab12575e730233d50c51ad |
| SHA512 | 0bfff5b5c482e28bd4b127035f07fcf40be1a81b1d2952a0811bda68d6508166e606aeeee9271532b5d5b93c3942124fcf86f23d218a83fad1690f76a8dcacd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0
| MD5 | c039b94125b5f8758d9f232335a571c6 |
| SHA1 | 00e6d0def58073359189293cf1d7b1c52606b2a2 |
| SHA256 | b6a8951937a926a73cc55fe955ee75aefbfa79c00713ecc466791b0b4bbf25f2 |
| SHA512 | bc64c272048bf3b55b2b308dbd51083a763981d75065a0d00dc19977d6a9d2637f1aa7db262014795c98b5f8c66fe957b40be75f6aad56aadf4488578251f050 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | 9f995e05fac4fdd596568fe18c8696ae |
| SHA1 | 180bdcc54bc86c8693024cb93ae615a18cc073ca |
| SHA256 | f7b47e205c68617c99b889a3958dbb26c73746ec2a5239f9c4aa10d42bd54296 |
| SHA512 | 9d8cf710dffc7e79b9cd5d6ccb3d9a0cb8132bb66c9ddd802e3c16c3d73ceb82da2a43f182a2174d477734d16741513f3b52add3bb70f14c4ec4f9b99c5e031f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0
| MD5 | cfd1a3013f4ca23649676946594a6ebe |
| SHA1 | 2a05ea88fd0e1fdb6120c1a1ad79b2302a5da3d1 |
| SHA256 | 34d3f4f0db7614e44e2249bde4182a75dfe78d7ea16b5a13252a6bf6eb8d150a |
| SHA512 | 07cc5f9b05418ce3c2daa45f507f5e2c1f06c6486f7b84480d58aee653ccad22e9afbcfcc16bce1f9dbde849e5bcee4ef9e309a9fee2014d05de04faf554d82d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0
| MD5 | 9832dcf958f73c702a8c387b41ccfad4 |
| SHA1 | 6271df607b244a07a080f39fe4a64db9c83ff42b |
| SHA256 | 04aa8edee945e23b0537a043e4d88a88227f829028980e5c15845e5e73fdd08d |
| SHA512 | 1f158739155deee38d1fb63be375a96329f5608f5a32455d96dca019f2b3ea010ee13f70d3a03a45fc02ec3ff864330ea73142455fb9b8a532c2379046397d5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3a85db8d23dabbf2455da42573674a9 |
| SHA1 | 283451327f180f3f5eda17ff83d2f3a310d52f4a |
| SHA256 | e5f180f12804081b03499876ff52019b950e3a303c77dd103583ee1cd4fc7762 |
| SHA512 | f35e9719e3fa7b733aa7ea904122ffa65e425d0f4ff947b5671efe1695bd6fc5ac989951e74de08d001aac97655d1ba7f567fc802fb796ebd31278c34088bc71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 995e0f07b34e310302147c5e80647bf9 |
| SHA1 | 07ec69ec68812baef3fa668597b835f9fe993bb7 |
| SHA256 | 712299cd2e56942c1841b87867fa3e9dfa0c002f1ed04d68a2f2d8415ba262d9 |
| SHA512 | fa4d01ead6b5342e6bc8f02026418d2ab3fdab907c4867ab7ac640dc12e7404355752884aae77838628028bfa86301cdd2cae4991dfb1c0d144c8f46fc79c3ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | af4e9c3fc869b54baccafa8f634925c5 |
| SHA1 | 14a58c2da9ac7195a29a440bb1fe1593d643ef46 |
| SHA256 | 7e19ddd8a13c39cce130a9b2226e8d97a41242c3dddb5c963a5e567d3960454f |
| SHA512 | e7171addba28da68ef4c4d5c5f3393e3df9d9ac9f5cc1f569c5b464024a7ee1d60d672ee3e9a90adb320fb16b286d0e54ec9847c57f09260137f6df0830a100c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1b2ca5087aa8b28ee46dc3a311ae91f8 |
| SHA1 | 97d71ecebeff7b742b5b242a8ccb326778e51cb0 |
| SHA256 | 03e8d3a3f92793d46606fa3f546f8303329624486f65cc2ac256b0f7c8a55983 |
| SHA512 | 1eddb0a4a46b187a1c728feee4713b272724b5b095a3052342a34263c9110db1c6684bc7b4e4de9dc1488bcf434303f199f6a052f4fcbabde142cf3e8ab3ea3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 79cb4d20690b2a8fbd480031eb0373ef |
| SHA1 | afd40b726977db46ee0af1a929e0d84b940f5571 |
| SHA256 | dbc52b48774e6ce16ef8a5ac1e9bbff36d7e517e6d9db065e35b778ee63ecd4f |
| SHA512 | 86a6d6908e92cfd59a7525cbeb767887f9c7e9f41d1ddc9bf80d4b8f397ed42d6e6a55507471afc2b115cc4626f645c061fa2ec4301c09d3014f393b5bdc2223 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e83798036165846c_0
| MD5 | b6e1248d31e22a6bf12686e8deaf3387 |
| SHA1 | bc236d8ca90747a9565e15b6b96a1cec117cf07c |
| SHA256 | f8cbd37653974be6f7349646b3f3c5875fd47b4b657a9ca894486ebe3eab2658 |
| SHA512 | 606099d31f68a3f2712385381c6634919677af433438a3e5c78b0ba30d8e66683fb27f62b0ff864f92e1137bda91efb03d73578b68e2178c4ffc8c8a539dcd33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0
| MD5 | 621eac46c29c97b80b9a71b067b7659f |
| SHA1 | b959ede2526005579ab0376b2c4237f97d44cad4 |
| SHA256 | 2e949f5c0c827fefd6f702cf6c01ec533aa4b01abf8320304a06980470d4304f |
| SHA512 | 52febf03f7fceabc339214a40ad936ee76237f7272a47d5894ef1d647b07bd03b83a5c3c865f8ad3cae18c0172bfb20328edd380588d1be92e9d700423a71029 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0
| MD5 | a2d94ede49a0c41c59eb6f7165ec2a2a |
| SHA1 | 0cb163bf125936d556d0e37721dc0c0301c2821d |
| SHA256 | bacdb6de84a5abb4a9f993272e250a45175b920f801cd1a60c7731e4ce821584 |
| SHA512 | 5386a5b70cdfa607ba8a91c21f2f52162d356d380f591aa22f7705552df0e1e1dd925d0723080146046b0332c43084feee828560509881d60c5d5b9445786d09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0
| MD5 | 297d59a1e23d238008ba32c38d1b863d |
| SHA1 | 1b288fff51d8c6a77046d8e6b58079706aa144f0 |
| SHA256 | a061708e6e7d138f079a8cd647c9987db9fadd53572cc3b1ee69536a42a113c0 |
| SHA512 | f48e10ad694a5d0caf2a0289065e530f185b1e68b94d7a7f4f8e5ac170a6c8418c7f81b74061dc9cb357591657d8d95fc8b27f1038898f6bcee8014dc8611bd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0
| MD5 | 97a9adcba3f0ba820c47ae5b3aba0dd4 |
| SHA1 | c9bc64ce1adc8ba67ae7810101018807ee096aaa |
| SHA256 | cb01c1cc28064ddd245abfd9af2eb61a0f3613984fe3976ac2a79f84efec6752 |
| SHA512 | 59869425a4b3f2b04cb422d51a88f5bd88afb6d2ce7984a4c8a224f345a040327888f66bd5db35ff0f03fdab26ccd3a0d7cc4e9cacf77493195533a4591a8f92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0
| MD5 | 184decd8a826f467a762de8d1d2bc30b |
| SHA1 | 4483055facbdc22b39e8781df520adecb9a2c0ac |
| SHA256 | 5010d23d9def67878f2c91bf0913395fb8d63e7b39a6dda3a2b460f2c085c035 |
| SHA512 | 71809e9b4b81317f0e2f660171ad637f726dbfaea35893f4d0a566aafa94a1761f938a98cb7e69f13288457135307c9bf0ac00b45d77d5af007fc63fbe60ea4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0
| MD5 | 976f093259d720294aa053799416296c |
| SHA1 | 9a5aa5beac38a6bad49b605944880ebcd574b966 |
| SHA256 | 44fcbd5430aeced3c282a5cbcde7ed03d022a469390730a8e6966946b3817085 |
| SHA512 | e48ed26036d0b2235b5b82eeb696e906574098c28b1f332e17380e07fa9fa0c687a78db02bc7d0bd4dcf16bd1ddb438a86e25bd3e2ffb828c8dd34be7c7b89ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e313660e1f732dc_0
| MD5 | abb7d6994c4aa8f6be28fbc8e343b383 |
| SHA1 | eac874e7c465d1c701b418f17c4bc22585cbd8b9 |
| SHA256 | 0f15863f39c5d22e9a512f5a0aa26bfd1be5562a914b43a9e0a1f61ef342c04f |
| SHA512 | 4522a6a8e56269f80edd1f57595d9478cedafe101ade0f955c23f7914597bde4e01987ad9a9cfbfe708f57878d73321057998a7a2d43fd4e78339f5cd3ce2022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
| MD5 | 99974a88a3f2ade67c456fdbbb30eee4 |
| SHA1 | 138bf71f9f60f081a4db79c2f31f235342fa3bb3 |
| SHA256 | b0c4f4363517bb3a3c2c1227aa8ec018d4b1eec015a85f4111660e699a5dfec6 |
| SHA512 | 71befb47974c86ab20b76d24077ef0978e4d9170102829ef2775f8bc634b4eae9d6cc98bb4fc4bff8f61d747ad1160992ff2a28c13faeac5272d738417141b47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca892b448ce010ff_0
| MD5 | dd5dddb39624a7a8c32b1ecdf70834c2 |
| SHA1 | 29b5db71fa23a2ccd5ae55a2f32390b1996e16d4 |
| SHA256 | 6ca28574f216895bc21333b157f37f5da56cc79b21f98eb5b5bbf0d1d1b6b145 |
| SHA512 | 3008621222c71d2613466d96d094403cedc35d246dbd78ef4c9db4951f2a37e6ff3418e4876bbf0431f98504cbf4fd62e57eecf6a2055f5643e3759dac77dc5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
| MD5 | aabc1e5834ed4db49447c1a994cdba62 |
| SHA1 | 47f16984904f902c6eef442cc0eb4996752acb52 |
| SHA256 | a190c533ae388f5f6cfe63c06ca9c621d0cb7f747a6d90681a222a2a67eaf5f6 |
| SHA512 | 8792d31f2cf1bb742b23df05605398039c7b1b467a9aa826d9eff49fbd7aeb3057c8bd1b8046d50eea4f5ddbcc19727f3ca8e0273da854f20a006e030e4c566f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
| MD5 | 8eb7e30275ea3ea3af9dd693a361e0f4 |
| SHA1 | 528595ab4a246157ef072af32cc37f0ba1a0f3f9 |
| SHA256 | 763a3b64f4d2ddd872c93970fee6e0e9318c5303fb90067cbaee319ff9848bba |
| SHA512 | 8b894c9527f440b659bea0ad4c88a52b503cb25322b53cbf286d5e630004599807e786c70f28df60b363c8a392d5a4474b8470b8d3fb7b0155cdad35f36e17b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | f4427d9693c33c56fb2346054db4956d |
| SHA1 | a3fd9b03cccf862522d48121d9e3a2f81f6d966e |
| SHA256 | fa1a19c6420e6d71a82a2d867835f41302343bd520b923f9e38a0acbc2d28224 |
| SHA512 | dba6a58bd1fb3b03635c04af2908444842c4c92f7ae33b2cc8b0d82f21d1b9528495025cb7275e7ae9806350be395626b7b6cf12bab6b1a9ee81d13f17c09167 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0
| MD5 | 9608d8aae1579354892219e873603274 |
| SHA1 | 6ca46fa31e8fdd4c00819dd044f742acf8cca9b6 |
| SHA256 | f2cac4042490387c83cbb39472c6df0b821086a9727f349ee37634396ae724ed |
| SHA512 | c0c742ce0050e6571cdf0d77822f2c4605a674895caebf9f48a24e281c327ce24a29400a13492833d31d3c67c15ee36de3fd5682a9e84bd3e0571811043b0eb3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\537f62c2e00def92_0
| MD5 | 28467eafa8a95cbae07c91f751e63bab |
| SHA1 | eeecddf37b4cc2aef93370fad2f5743f7f836f88 |
| SHA256 | 1111d7547f2f6419c84763d9a74bbf9342706454d5a9bbb733f231c7c728e188 |
| SHA512 | afb41eb18ad9b40a521f550c79b9cfcffbe05d36c12e22351f761fa493411359bc41845e2856540c99b5a838e3ca7ee0c99c22d008880d5d458f8234f0b46953 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
| MD5 | 5ef5ed58e1d092866f7c0c71bfb211c6 |
| SHA1 | 5cb8f189fe581210bdc0fc3a7bf822da380b588e |
| SHA256 | 2e06c00a4efe12f0f65481f1faee8887a709d3286f8a5922c82149d226ca1bf8 |
| SHA512 | fff9202403fdd20000c66d6a6ecdb789ec50b34370f68898241d562e85e22931033c6a674e45c1f58590cdbd234f260da940d17d888f6e7ac9849ea42869aca0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
| MD5 | 11868c5a385ba308a0dcf7f6e8a0de36 |
| SHA1 | a868da715b745a57ff7590a2bd9675e5710ad426 |
| SHA256 | 4e36109d87b285555ec0fb78f6dab6db12b1c8758b25e0929ed9321e1f12bd48 |
| SHA512 | ae71f8c1a33ea9f6463513fa6719e77d2c85eaba1f780495067880cf728cd11355b4abc63482e8265d9e3e1c176e98c6cbbe19cb561f40743f183290bbbd810d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | 7f67e8aa3923b34cbdb992cb0b593fb1 |
| SHA1 | 660873ceda3af6f64f59d372a5c9783ebf1a1348 |
| SHA256 | ec1caee87af7ba883e80f949425edc9b3d779a8fa9bd70577ba7c9b67dd6c501 |
| SHA512 | 6512e8f32f6c01f06b55d057bb6d096be960184a074d575b6d37576fc5737886618619cc49d2dee19873c891bc36eecb43a128ba69d1ee244e6bf796b2f82db7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0
| MD5 | 6c53fd91816e0c0a9709415710f0fb64 |
| SHA1 | 728a953bc25f406ad8c3eb3c8b233a8f57da5949 |
| SHA256 | d5ca198c124c52010a06e699748a6d7c672a25284f5e547f2805123af9ff9d29 |
| SHA512 | b45dc8a15357781eda085435842ce77003b04b1327d573a33dba2caaaf04fa832c165d6490e3b2fea91409df97e8bec18ff6fe3d1bed1d63fc7f0b89c0788e33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2acb160b6e8bfce6_0
| MD5 | 189ef2053a521e305ac2cd2419b3bec0 |
| SHA1 | eee4b2534fd02878d1dbad263667b317fe9f07aa |
| SHA256 | 87171a006877ee9ce2b27777ac1509781e283d083daa799b1af084bed9b654c5 |
| SHA512 | 28db84308234f9e01b42f78f69297028960977c34ae4ce31e7cdb6a7e9ba1bada8984af2538a189e6fd3952bacd1fcd25b3dbc634603b69829c6f53b7db24154 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
| MD5 | a9da6be7fdad0c317657714d51bd7b13 |
| SHA1 | 443f54da307416c062fd433e3fba6ad564d747f7 |
| SHA256 | 5a3aa16b93d23f99413b55bf0a37a8b912c97c35a2067b7bf0af25d8eacbf52b |
| SHA512 | 886cd15a5f8d20851480f284ca675166dd2401628cd7889d7677754e36ca043fcee2327092390fd3b75dcfe9c9c359dd4de16d7062a79e2c436647f7d762ad77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
| MD5 | 736b1565bae878bc71b38f76c95eed3d |
| SHA1 | ce57f87c1302378720f3b7c117580d70bfe14373 |
| SHA256 | fef30a720041a33a53c65ab1f178a15c32d21f0f41db579e0eff54d3e3744008 |
| SHA512 | d1c0156a918ecd388a88ad0bff6e8e4e2c4d2b5f95454db4aa21caa23445d71841dcc659328cca2216fe87151a3761decb90f4256c9e36eb985609b282a4895d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\feadcc6fa014c0d1_0
| MD5 | bc623d45ea277571da5ee6d0ef36923d |
| SHA1 | ff72e2656db9716f5e78aa40338ab25dd024bc5d |
| SHA256 | 84a110059fc117c2eb29f04dc0edf603422e4163ae8a173f76e039885df503a2 |
| SHA512 | 47df065bc1734e2587c27d8cbfcb70be6644fd0fe992fa8a09e21b23dd61372cf12b68fef719b935932b30ead88f36f15f0448aa545d04da756805e07bba65dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0
| MD5 | a4e3dd88ce8f1d0783f24094303765ee |
| SHA1 | a1bdb81786a60a2888e8b7290a3fb5341e8b876a |
| SHA256 | af21734ddf6da2c25192afd7fa0f4777edc82de829d5ad710655899cce54ce37 |
| SHA512 | 643b45ca2e74e2b9c02370c47b3d24422f6b69a7564a2751f11009d2be543c56a8c3c2d8a683f595a1afa22c2dc6d0288be7f05c11402bda095a417329000562 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0
| MD5 | 13aa2a43ece5d6936189af38f1203788 |
| SHA1 | b57c4f41086a47021ec0b4535eab6f30e741aa83 |
| SHA256 | 7a877720d9d4213bad0ca0fb188f150f2f137a1274f41ec1cadcef7428bea2ee |
| SHA512 | b757da468857d850d24368305bb33f35c4636f7768cce22974c970063a920ccb8d7e65122cbc3280a1e8ff9d7b1b69cdc845d7d0c36dd6f26f3d62c176d264ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0
| MD5 | df47b8b2556457ad4e9a87dc5b18273a |
| SHA1 | be2bc42b56e27b3d8412727289001cf6f7635851 |
| SHA256 | 820bd5668c65b0b58ac1ec90ee7fcc3c8ee5d15e871549dc0cf944270e32f454 |
| SHA512 | 60443a93c2b0e9561094fc48f898e1437e425e2aa52ad14effc2b07d8c6fbce7805fc01fbcd5eb36d1a03e8ec1fd997f8756ee6c1ad89e569e5993870299795a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\97e5761b2a976f35_0
| MD5 | 140f6798a4fbb4ca0d5d75c397c08e6e |
| SHA1 | de86a9df91fbcc294c12d7c29e5c2113409fff4a |
| SHA256 | 99e80146fad2cf075c88fa042b7b65165a08d1d1fdffa328bbc85b5a47a4f234 |
| SHA512 | f5b7d1adfaa904deb75d2d631ec18740f838a79d798a6dec5fcad7a64a75962f3af18c71d2a34f124ada17cbf9943793a6cb8d26eb15c5fa0c6f83ed9d111c33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a02d987e07abd9dd_0
| MD5 | 137663427871a3d05e1a6953d432f538 |
| SHA1 | 9051b9dd7baa51ddb3692428025efa9ac4b52a66 |
| SHA256 | 4362edfddc0ee66dceab229a15584afe71a6118f3370451dada53fbd0db7a392 |
| SHA512 | 9b0d2b2d9c296dd7febe04f27678c4bd5bc35806583b96c06449c38fcef019a1a56ad80b1d8f200070a1366f0c53f7140ff8ba0359d0117049181a2ea4646b26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a51ef587dc6dd4bd_0
| MD5 | d1f439e61ebff2a0b1c236c6fa515091 |
| SHA1 | ca10c6fa3209a4adad0d07b243a9ad5e6b1d3c3d |
| SHA256 | 5ae5b0608f46580757672ed41cfcf5b1e1326aef529fd3417989445148c0f31d |
| SHA512 | cba2292999645bfa7eb342a0dcfc79abc6a40da858b4ff9b6ecdfe4b6023268b00d23eb17050bb696630719b05d8653042ad565dc85762332a1b34bbb858be2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065
| MD5 | 151aa008b9acc8dfe55802371cd825f4 |
| SHA1 | 48686a81af8c939be8d64151b7f4460745f91e0c |
| SHA256 | cb8e391470d6004ab3bf6b52ba1987ae0d1251d7ef5c5a98b4506d5098b6d7c6 |
| SHA512 | ddd56957088fc6a54a08feee287220d45c37fa02aa2b68094a833b85d616753017a41672b947a4416df87edc8926852ac2448257b0e91942a2f76a4f04893b54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7c2c0a0790ced5c_0
| MD5 | 72269c73c45108024368c35851421319 |
| SHA1 | 8525f46f67323156b8af30bfb9d92cd4875775c7 |
| SHA256 | 905c544804acb5614e7b785639f85492a1d14485932ce3df74dd648d4d2b7192 |
| SHA512 | 371a31553b33a60eca5caba7d95334ac2a2978982d328f4a6bd503622622cf3abfbe4e7b8124172cb33ceef6976ad222fbedfd4fe89d46111dc4191912aef2a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0
| MD5 | 5371c0b52b2aba0220159773c21db8d7 |
| SHA1 | 464ba7017904ebe0b2554939c910d3111901de42 |
| SHA256 | 9eb3cf2520be46656c239e3b860f0d7a12aa71d1a5dce658c27eb9a132c6af49 |
| SHA512 | 06b5df4f165f601c02ee1b7a27564da075bdf194ec94d946e41da9bb6b36f438dfcddd80bb779f13890fc6d373a9d30a2e680fefbbaed41285e838a813832b1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0
| MD5 | 7216388fc77e60ab9a67f082e14419ef |
| SHA1 | 17ff47c1a5662b268def90f1a04863223464fb37 |
| SHA256 | 75ae78031a727fe80906d9ccb46f9acbd84cf66d747b9ba5f81c3da4dd62c8d8 |
| SHA512 | dfe0b1b1c378b9252cac10822b18d940d8f9543fbc15ad5ff7889899dfbbd95267b6984482def099ce2d4c7459ccd4b234703afa369396e819a3f4a0a7de5f28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1025d16d6e53eb6e_0
| MD5 | f279ac2d50f06e73e436bef59ab3eafc |
| SHA1 | 17dbbae93c6366406b89c325be5b8ae598532b38 |
| SHA256 | 7360a2c433273a55054fcee031f5b67401d4698043c6385dd53971e695e3a067 |
| SHA512 | f7ca69ac3c766cb79c9dc68e2813a41dd5d823083808b73683a8c4c16ae540fe2f954fb079238699e9148c6eb25e5da7ff3f04fb28b359da3a61c7a59557f7c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0
| MD5 | 3ae8729c7f77e157c3010556d3b6aa7a |
| SHA1 | 704d2d0aa361757fdb7f05adcafa4f9e4ffc4604 |
| SHA256 | 542757568ab08ac89d3caa262bd1f86e69e2e6cfd267511cbef68f877094577c |
| SHA512 | b2106e0c0083cecc35acc0335739335334f9abaa67b9391e951c774786013c391c974a7d13815a9652b12ad59a38ca6ef1b8aa6126357ab3267d89f0a0390671 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4cbd9b48327e0f64_0
| MD5 | 6014b22a35f9a176dd15406504776565 |
| SHA1 | 71518386a491b9ae59b5d4dd10e847054bba152d |
| SHA256 | efc71d2a6839a977b3e15c0757395d8b0219ade7923454d19e51450f32896836 |
| SHA512 | 36ecfac90cfa4a9ac8357da4586de9a68e1621b723ff40c292c8d53235db3a6efaaeb07d9cef4e84f4bc51e1ed894a6b590549119bc98b6d6e88b8bec39ebf1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c0109f54c03223c_0
| MD5 | d5f6ecda3cb23e357afbea8c9077891b |
| SHA1 | 9ccecb17696698574ca557220ee93cd3cc00770d |
| SHA256 | 0ff3e01816f554f90774733a3a591d4340a0877e9b3e306955bb9932361ff2e6 |
| SHA512 | 548d86d475b693cc55e40b1c83f78dc9c9f039377a975050c3b21d655c037b5834fb58a87088838d6762ef74adb358865ec6946bc5983d3ec81cde5fae651ae3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0
| MD5 | fcd635292bde45287fbca5e4295dc8b1 |
| SHA1 | 7045d32cde969560bdb0d6dceed15b1174329674 |
| SHA256 | ce67b130d897ea3f9464c57278b97ea9ee886382905874ca9c6b1ff6156ff413 |
| SHA512 | 0b9c4173bb9afe1c82e420b47d8ddd1e10b608091ba8f3a083fee6ef3d762650e9e16d27c8e0f0a8ca83059da374d62cae6afa7dd242ad13e988ab6d756cd581 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0
| MD5 | e4e8ac2ee3412d9d5af7cf33baeb4451 |
| SHA1 | cbd7429f66e72f89fbfa897754990950bab8b652 |
| SHA256 | 8dbd477137d2d26cff081de0ce91d2e3cfd9376b814326c499193d48e4a06a08 |
| SHA512 | e5d65c669faba3f8f6b41856d3100051cdf1f95d8f52e40614c45ea5c7ee46a03e4db2d05e03d6ca7300a75db4ac9f2a2c0138e0db9b54b6e464ca191e54b2cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
| MD5 | 3a21c4f317933cd77045d4b54e609626 |
| SHA1 | 3deb746dae218aebfb23798a16c6d205e7b615fd |
| SHA256 | 6fda7031a8e5de6a5c4911b124b30e685d235f6535dee257ed2735adf176adec |
| SHA512 | db63c29165b7e829e90a1a015fa83c4bced9db0b165cb8839e1a90364e776d525b7da92b47d9ff730531c9c4344d11cfd319353371cdcb6665656701e679e8c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
| MD5 | acae678c8bd5a2fb210754bf396d5537 |
| SHA1 | 01262e8d393d3d3d7cf59bbacd89b9053b9b3a04 |
| SHA256 | 1159f5dcb0dbed91435c50ba61707cc033ac86a52dbfb88d89f5dbcb9e4e23dd |
| SHA512 | 377ced532126b691bdd879fb83fa7be5da571929f070ad0aea875285db1932d2925970424f294a40090b6cf208e2b9e0ed26ed90754c896e6d22ce9341ff68e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
| MD5 | 56bb4894a107798aad2e3626f6230acf |
| SHA1 | ba1eee69305eda0fd9d5982546c4305ec24cc8a1 |
| SHA256 | 141f950c76f43499616fb4d3adb062b8ba16dc6e48d318ffdf02ed5a7519fef7 |
| SHA512 | f34c4587268c957ba5a251d0bef422b2202f94524adb5946aebd06df9820e06cc8e973f80a3a014d4ad62bb3732e1f0d8e18bc5fbd0fb078d605e362582bbb7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0
| MD5 | 956e483e622f64f78ad8db50da9246ac |
| SHA1 | cdc6c2aa068cbc57a3f37cfb7046b9625d9d1222 |
| SHA256 | 40c8b637b6a2e47b2798558eb0bbdc28b21ea93d6e4a74c4caabcc7fc1edab35 |
| SHA512 | 37f10e5be3965fdfd38ab315f53031a9403c44049b28dae8bcfe076b03cd069fd773b2372412f13c1dfadc7b2e3022c1883b79e699ee84648d8fe0561cba34ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0
| MD5 | 9d6fd46bcc3a5482b24d101ce48727bc |
| SHA1 | 58c3c2c5db7844c4f42c4057068f36aaac473cb0 |
| SHA256 | 4ab89495bb51b6cbe0d63d909f1d0dac6e2094229b8d42ec95314f0f3aec6062 |
| SHA512 | 43de38695924374ac97b3b04ae1be9b1e99804ad3fa69f20925ed1723d6ad1442545a65d180d11580dc2819db40a915554a762366cc5343f74ce8ffee363b59b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0
| MD5 | 416273205ec5a72ab9f7c19a6cd29b76 |
| SHA1 | 5caf812331928cea0bffd87b0e8524fc3ef866e6 |
| SHA256 | 6a2df6318ff89839818c30dac1e90e00608f54b322f6866dd565eda5acf76722 |
| SHA512 | 38027e93282cefe9161e66a7b1cb2791c83f02cdd195838ef61c34229be2dd39025c49b67c60aecc2667de6b00ace2428c052a59891eecb8dd7f3dfca902a538 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0
| MD5 | 51f1407d747a81b7f6a073b6a10f149b |
| SHA1 | e60ed6d394474281d07f5aa00c8449dbcd8dbc1a |
| SHA256 | 54b68048a37d1950bedb63683b6620dc5f04419b75485aafd2165e4a4cedc1d0 |
| SHA512 | a9e0ba2239a35e7cfd4af3481e50afd6702d82802fea55fecc8c509e27d6bbd8dc602814b14059f06de44f182456ab244a4e1401a1d2cd3e5fd246603dca3cb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0
| MD5 | 26a8f3066b5842559b150bbfb9ffc6e2 |
| SHA1 | 0ba3d44e4b79f1f36d2d3f03162278c29ee0aed9 |
| SHA256 | 18eddf384ecd861a11c003c4a56a44817ab3db1498688f1bb22065ad661a3a6b |
| SHA512 | 12b87e1e047c5329b7752e530eeb84697199ffdacac4b992e131f9cc6a0ab61d8d58c25ef24d57c5a5ad127583c586e1ed169db028edee96a48f088c09e948db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0
| MD5 | 51a59bf5834281d4de604ad7059e466a |
| SHA1 | 3213b6ae44b39c502ad3f97d145f3272dddffb0d |
| SHA256 | 6e570fa4fa22fc397b05b303a8c79a9df6a178d32955d6475eb22bd7681a8dd8 |
| SHA512 | 223f505067e012a337789c7f2703f580d133990a41ffb6814c7389324ef9bde28f04c875556cd8d7eed3dca495e093beb1724be2e8c7625f02a12803e24e2281 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\120ab24e8b469464_0
| MD5 | c7606ee8cb7521a57e6b524cc601d185 |
| SHA1 | f8f392248959c380be4140ac71981c5de68016e6 |
| SHA256 | 4bd2b1c50fecec98d1d4aacda38f0f38d74a0f603906f860796ed97cb50ddc02 |
| SHA512 | 399a47d2e4c17103dc56fc80fa73b9fd04ea5f028b6bd75b66eb44636d401de8cf0db5703015de52f94091c2897c94b05ec0d55d65d2df6d0aa64090cd635e20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0
| MD5 | 9940f1887ca66b8be61d85e56048979c |
| SHA1 | 0ad4f020c9c1aa8d4c2f0ed8f932d9cce519710f |
| SHA256 | 9fd2e9b63934f172be94315e2784f0da8f5444b9cd880cfe4c8e9f49d3d85baa |
| SHA512 | d071d5f1234c66f3abb6028802425bdd3834110c6722df7687c39c07620d3d841282be87d2ad439bbd20742edba20fe07a753033cece1d2e21399277abd96f55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
| MD5 | 08df8886e61bc2d50bf08b2ed6accdb1 |
| SHA1 | 0c0bf72e9f1c40b1538c50dcfe97b2577bbdf59c |
| SHA256 | d8db018842303f2c4df4b7cd6ee453d1764aa9874440afcdb205fd7970945559 |
| SHA512 | 148d275f2bc6af93b8ee5f6649c89c234a1c285c840cbef08ad20a08d6ebfb2a6e5e2fb3e6b92309790f3cfeb169c20ffb90c64c5e44d659773052e07904ce85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
| MD5 | 078bbad5eb53db0379606d95fd3e2e09 |
| SHA1 | c765318f2ea70a4f772788620aeb62dbe45a0b43 |
| SHA256 | 0e97a1eb4a59711abe0b2da2632711499812fa1fc0e38f5c969c90ea01aa04bf |
| SHA512 | 30aa5c0019015a59f853334dd53fc17e657b74199b78d81a3a7a131ff5d543e7fa5006e6b8d5077265214907af5004e259574df4bdf9548f5134ba74c99b15f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
| MD5 | 5231b86935bb7213f043acfde807a265 |
| SHA1 | a412b1b12e7c3c0e36befeea1c259cd7325042fd |
| SHA256 | d47d78b5c8cca5ae3f1968bf0b48dbb2e0f2a207173504b0bbcfc64a7eaaf6ac |
| SHA512 | 8838c95ee082f8b73a3062b78e491b9b613ebcfc8b23434eec3aced6b575f894f165fa2836a3b3ade48eebb0625e3688a2b4c3bb492b78349827f2f1cb16ad45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b533c7f9984a43d_0
| MD5 | b22c1ccd59ab53d1632d5875bb45ea40 |
| SHA1 | acdf1411ae95232ce104c05b2a9422d0209c8b91 |
| SHA256 | 9fbd0fc3b645c994e6e4a1aee09932f0e093b60b181f61522ca66d9f5ff71584 |
| SHA512 | 50051a67b38ae899720c517afcd4969a906b087193a0927c5c2ad55e7f233689d7e115c58980b649145720add5ad908d3d39762f6e8823ad19857acb57b33b56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d5771f5974fe10_0
| MD5 | 3ae3c708ecee7237aa594d47e323094a |
| SHA1 | b147cb034119dba03f587c93d8a23d5a30d4a63e |
| SHA256 | d26b0de5cc9dc196d7c68e066275f0e5b72c82fde5b799aa9c1d9bbe04bb2086 |
| SHA512 | d214afecef744f22db2c4009040222b7c63e0dc36480f57e856f64d2a03a0fb04d35c0c18ab10cccb03fb3490bc8aea1f121dce190431aff1a9369f522ba74ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b65cb26998de8ee_0
| MD5 | 7f4db87c3494d72aaada3222f4d035d7 |
| SHA1 | 67b63197388c4365436f5b713e1a73a5a50da9cc |
| SHA256 | ea93ee6b9784dba6f4459ae507a5f6d50e3c9c559671de12b702144c74c7d72d |
| SHA512 | b93032bb98a131435f79ebeff3b9e3ba9d216c422ac934977e5d780713596b8b30753dd7a9960e7db083d0f7b1d0933a85b88cf631993808a2f3e85ced558aa1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d47285f80fa7ccc_0
| MD5 | ca7e79347407b4bc5b42d7b2bd9ed788 |
| SHA1 | 61c46d008dd8887cece3805b6c286e6102d3da8b |
| SHA256 | 3b00a12812e83be71de077415fff41772a8409898c2039bf38f341d57c7baad0 |
| SHA512 | 990443c9ac68f1e1ce03cc544a740a14d454933bf22888364d2d68551fec5d2745ddf9e6c27217f18a98758aa78bbd16c46411b17b60de5f2074169d8a519bc2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0
| MD5 | 3c5dc25bf4da49e6fae01746b415e7e3 |
| SHA1 | 76f35c285d482ca94a17c125533d16be34a00efb |
| SHA256 | 43a82de4b39923c836d673239625f0859e3e5993c5fd88fee1a49fe818fc5866 |
| SHA512 | f3fb9810596987fa1dfe029037840577860f53a6a83e045e7c6b9e1d526ed0b5f182b25e3c988989f6d00e118c62dbae5d3a7ff66c74c09c197eb4b072607044 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5666b24e92933f3_0
| MD5 | 6bd16334223cb25f5945e5e554a2b6a5 |
| SHA1 | f7292c4420e97a4d76f0b403508018bd3f61ca97 |
| SHA256 | c8217c313ee0d11c2e92cc9426daa1efcc288ead6000819f35b3186846f3d3c3 |
| SHA512 | a9d64fb15594498ee2c5e4826de2d8291ebd5b2116f050af1ae86471104de8d711f999d12b70e7ae4c6b04a52e10a01c5bc36b357fef86755c4c8e7115ffb240 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0
| MD5 | 48c4e5473d427c82fa6778cf6f5ef304 |
| SHA1 | 6269c4c59d7a4b7c4cd5a56ff0e03db936f584b9 |
| SHA256 | 1f4d0fbbfda3963ea0088d96ce62c2770c3768a36d813e73fd051f957c56c9a4 |
| SHA512 | 2f00d022a2373b1d381cbe390399b910e2b4b9e6b2e832f277f8fe341f27b9cb746c2d3490d9b932cbc2ac4c37f93b1451949b90a98c981bf16bdbd37080cbc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 301ec408d02fa1aa8d5de7e8a1f32df1 |
| SHA1 | 6eb4dc5865ab1531540bc4993dcab86b229b0073 |
| SHA256 | 5302ab620f1ea9e6f7d5545b28741276dbc80f10d3ee17483822baa8a15058b6 |
| SHA512 | 036eb7617a76a98f6522828b9daee4215eb05d84d8ddfa24df2d11e48478c4b39ec98f7adc8a30a837d52941f55ec42853eae4ca1739c8154b7b7862e9b5bef3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b319b05b7d23dd4561ec44e3d82d7453 |
| SHA1 | 64c740b3a262a7c8c7de4eda5e73b2214aea1de2 |
| SHA256 | 81211db11a9577286c99e210ea8edbfa4795108c39f94f9edbd1b40f94952abd |
| SHA512 | 99394e5d588bf2f4e2adc216b318b7c032c35d026f67c6d55f0c0ec25d58a1281cf5475629c53114cc377413f58738861f56d907271267a3c10baa564784e181 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3dbe2572d4173d1fafafe68e56f29fa3 |
| SHA1 | c0d101a171488f3c10a0278eafc18bd36201b91e |
| SHA256 | 2a4aa1e59b322461bed3c9595d07e3cf6d36a0b24e1f2016971074e591c2c84e |
| SHA512 | e11b87d4f9fedc109b585ff12fc219412c517ccd4077dad483eddb8003663de1324c933b1b3d56ef312131113b47b655eb5eb0f4a26d9cd9abf197b843beff1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de9f44e801f6134_0
| MD5 | beb2ffc64dfa04057b4f1da8e6f89b38 |
| SHA1 | 1e398539f55847fa57fa19da9216eba6f679dfa9 |
| SHA256 | e52234580ba94e3872aa3ece6f677bf8b871cced3b7133151bf8d8af50ccf404 |
| SHA512 | fdadcdc4df9a68053ecccc3314c8ce9e3b34f425db2c2e2a2401aff740a5d677a0a9740dd19bd5fce7eb183080cf3c9c9c18460c959816fb8e87d143a1701418 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d016d0e9b56b1042_0
| MD5 | f262875fe1a3d4a3fa454e649a7012c7 |
| SHA1 | 5666fa2544ed59846c0a3317f88bae268bb88fe6 |
| SHA256 | 681c63436ae9352c60e87339b2cc35c49ad947d15cbe96e2af33762c417444a8 |
| SHA512 | acd7f8174b45d828e59c4786401929584691adb1b573d917066de7c15d786ea8151ea476aa694534c56247a2cdcc93bcd4920d104a3ac7b6aeffe7cc6b9735a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc2f0fedd3e9608a_0
| MD5 | b7292969b74da591908e06bae7a4b39e |
| SHA1 | a7ad4a570b451bef4d66a0ad5e6ae9501138a81b |
| SHA256 | 34d22edb381042dfd2f7b7080a1cde7adc38d9bdbc62b81b7d4ed4ef3d362ea8 |
| SHA512 | 1ddeacb998a7361fdc2163b46dc279013837c70126575c32f25be7ffb03d43732ec554affca8a3b6dc3ebdf01063b7779bfd01e21f2502296b12c60fa2bc927d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
| MD5 | 7f805cf1910da93129ff0d461a0d079d |
| SHA1 | 2b4c8a11f4797ec225ce3753d2ef2a6c21d7f8f7 |
| SHA256 | da632fea6bd810c99f056f625af41962a02c96035c347651286203a6287e7ed0 |
| SHA512 | e5a3d81b623efeba5cbfc7343cd5c91e5985990762a8e0516e647ba3b4c38f8a22b9a03d59f2f4114819dbd3d149e3c60dd73131a13259ec15a944fc04cba4fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
| MD5 | 92ace5de9d8407abff1571f754619e73 |
| SHA1 | 4e786d138c240ec399ebe83262c97cdaadc24bbf |
| SHA256 | 7068d37f069fb7812a4ba349104501e9c8913ce2ebee0801ac21f883c4b0c0c2 |
| SHA512 | f5d26b6614ac7c116e63403b3b569eb784d756670b5806537f3ed53f3f38868135be55c523f7aaeddbba193aa3e406961cfce431f7ce804e43b3a154a76cca72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0
| MD5 | da3b0bddc43cb4b93c5cb8df1c130f1a |
| SHA1 | 62e66b958774f751f234d1e4cdad47d75d716ed2 |
| SHA256 | 9b1c2a263f98e787e348875f501e4742c8d8f3f8313eaa53f9f1fd8e1e534a69 |
| SHA512 | 8cf8cb766a3b2948f385958e47f1e5ab7ff09b046e28c011d94c029bdcad5543578349e6e0eec24668b0d5d79b926ab653cda0b7cf2413d3dcff0d5234dcf175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0
| MD5 | 39db085951bad2f2ad541786e4c82b3a |
| SHA1 | 2b1fd18972c0039b9f1ce799177f3b9a85a95d52 |
| SHA256 | 4223f029261b6f5396a35dd622dd085540b45d35a43cdfc5ab3b36ec24bb3e18 |
| SHA512 | a821d672d77e4033f2f92646ced4f312fb347e6119a7282925d5ce4fe4c0af41f75aae833af49dfb1eeffe0af9e0a3fbc4ec3e5cc8796223683c2767dda04294 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a67769912ffcf13f_0
| MD5 | 949dbff3883f6efcb3db4f9943a642a6 |
| SHA1 | 822bd197a2a468919725c3914379f2a25d09afb4 |
| SHA256 | fca7ad3b24a9573ac4415cef80d440df807560068062e7fc8f2479c028c58c28 |
| SHA512 | fa3c577c1fa5802837100ee90da23cadc035e8139df05765c35b53ece58b766071f6692c6b8d6230ebcd8601901589db0c9f8cd12ca839f89daf3171b4114b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a93a5af80c0c9ac_0
| MD5 | 1207f2b7178a693e9facfeb794ddd019 |
| SHA1 | a0a5bf4e8a97e539aaa56ae93cce084dd6613b17 |
| SHA256 | 4c2a3f62439089a8dd4ef92bdb5833e08b0c62ad3337952bbaf5742ea4b6e41a |
| SHA512 | 7fdcbf06d160e188a9600abf882307f40107093df5c7420806968559cf365f8ca7643980cfc0bc82e1f65d9d2afbd6db7dc849b71f2dafcbff89deeca5218429 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b7ffcd51b01561f_0
| MD5 | c12d61395df3b7927860bd97096d563e |
| SHA1 | 80025307b810d2bf16bdf40e102bf7eac7711606 |
| SHA256 | 9aa51c10cbcb4e09904b9f275d3b03585d607b99f64002b9651734aa69a5ce31 |
| SHA512 | 751850c8600237385bb1e11b91f2168c41ce46f85809a474297c605201a07e0e981e4d39f83ee466913e6a2206609338012a4ad734eb5407832da4dfdbed29a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b9c1eb04784ce0c1_0
| MD5 | d527e75e0d385b6b2f164d31b4cd413e |
| SHA1 | eb56eb1287f103acb4c8569043a121c49ef42ac6 |
| SHA256 | 1074a5a4db2d64fd6f48f8addf97ab476ca619119299fc78c18a87c7d473818b |
| SHA512 | f8a069f8466504c10a4f07d086031d5af6ce760d9596465fd2dd6fb3776bdc63202dc4683f52a8727fbb2c2e87dd860458bbaf54d33a0640026a31cc138d09d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10c6494adcdcc0b3_0
| MD5 | 366d5e4fbdc2419bb23eb8dc332d2b19 |
| SHA1 | b96c17830e8f7d8cedf3bd1c272847e707f5ed18 |
| SHA256 | dcf84dbeadbe163e515dac377a95eff2a7cd1240a95c012ab6b8e749d40e1437 |
| SHA512 | ba370f5924ac442d05c62b054ebea04f7ecbfd30c79a47a21fd33e01f0ffc5d0a91ccb1cd98994fa29f34656fd5ac81e1e8d534314c31d37259b083c5fc41b51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e48c80b801ea13d01ff33fdc07ff3108 |
| SHA1 | 85946daadd953910c06536e1550143927426b922 |
| SHA256 | a5f334a2ba8e8814f5103d458d76fe47a888430f70b155dc6a37e140e348193d |
| SHA512 | 18a7ce0802b8ea594a4d6f845bfba8e73cad4804576982c5b0bb75987c434e78ca6d711f0859b880c0b4f4918242d2cdd751a99ff4378a4f4520affc273987ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2ccf4d2aa698b1dda32dd33ef48a5d2e |
| SHA1 | dc2560de0548ac53ed28363fb079a51b76720c6e |
| SHA256 | b426f0ff4897d09b42c97a1f39596516a9d7d1e4bd3152b2bba6967f367ed50b |
| SHA512 | 10b6ad73bc2dc3ee981fedb63de2a56c90cf85af8f6dc7dc735a869f95fb44011b6d32945a2c296c038ba86f5897125bc1055d8fa66875c252a74296ccbb44b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a71be72db39bf66c4bb14e2e3eb956d |
| SHA1 | 123e290caa6b1b1fd705364b2ea9cfea2b3083a9 |
| SHA256 | 312aa266a9f6ec15660d27a3dde006a5b24ca36ebff6363ce6fc885038f179c0 |
| SHA512 | 5d74f16dfab58aa16592b2750405097d9110744708cdace9717e3b080d66d1df2a9587e6c0097fc6dde61aa19bed9c31571a5b407c32e275dbb320d86fa09cba |
memory/4556-7729-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 1ca52016a19b70c3c194436910a2738a |
| SHA1 | badd112f7f769d7b2a1952bfa7ffa4c533c43b30 |
| SHA256 | ee0d5dfeb1ca318d95b6a1dbca7f5ade0489ed81cd09717d9de5a5ed89d729e3 |
| SHA512 | 13bb3b280a7a344b9621697782630185a81629c62fda35719ebd0bd35867613e2805d3cc2229388ac0663ad4d93df3f4790318e18cbcddc0e156f27bb89709c8 |
memory/7996-7754-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 444f0d5e6b0fa956fcdbc78aa2ea6545 |
| SHA1 | e339eab81ff3257cd1470d10bf5982dbbb945236 |
| SHA256 | 154c70d635ed26013bba77d8968f4883226bfac3372a0f521385dd745fa96279 |
| SHA512 | ccbcb49b215075f3b8353405145ed194ad1dc7fc98c25e268fb515bf093bd145bbf7bb4920bd11db8253211a38778d71db5978edb5ff6fa4ff6084c713e88bf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000d
| MD5 | 79d4943dac89dce424bd556f7d12ab28 |
| SHA1 | 01ec21d479698cfe7140756ba7590c55b1293699 |
| SHA256 | d990a0854b80a71ea16454e1f3a43109347efa1ab7219fbe534ea1a4124fff18 |
| SHA512 | df8f879ca256f73a992ea70261632b3f3347bf98317e2b784aeef7ac59b88788c1b296f4844851967c823b36c03c9a689c49eeb7a6ed7e7e946c34b65f03493e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bacfd7014b19575cd11249bcd2701ece |
| SHA1 | c6121939601bab7eb0b1d1c5afa3ab8dadcad2b9 |
| SHA256 | 1c38db7db4cda196ee2b2dda5202fdef2d9f078780e7f5e206872a3a6beb414b |
| SHA512 | 79f3e80e0634a40479976467a97f1c002aa19e5dbdcc1124a2dd4e49af3466c0a90b16c6dba5104f5922a619edfad15769ac44ee4a0fbe8bed7f6e8bf5990b5f |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt
| MD5 | 766f5efd9efca73b6dfd0fb3d648639f |
| SHA1 | 71928a29c3affb9715d92542ef4cf3472e7931fe |
| SHA256 | 9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc |
| SHA512 | 1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\6TE31N54\www.bing[1].xml
| MD5 | 94064c294191c88337a1c43a7f384534 |
| SHA1 | 04f49fa7b4d7c650527f2098007e01e73cd24eb5 |
| SHA256 | 441cb2b6562a6b6f858f63dde9dd80e5513178cfdacc374eb66d17a6994f39c2 |
| SHA512 | 2da14caf9890faef4efa161b69ab65b568aca31aba75ae1d0544f4e1f90c943ac48ca6bd1f800a34fc9529e641e710b9b6bdc2aa558aec3a6375c9bcdbbf6979 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 32275b3a6c3e2153870e23cdfdb8cb76 |
| SHA1 | 3080b17ce0afd22045d745f5231ec7afa1892d8d |
| SHA256 | 9f6c56ced607daa853cb11b506402f98551539845e086535b633c704a01ea2c0 |
| SHA512 | f09ff803267238a75bf8c83d194af64c50ef78ddba63fb1356b741174a89ea0746df0d93b52eb68e863d406444aef5864b1c3993a3809605937351a359e037a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4f289d0831c20ce0bfc3b7bf93a7a2b5 |
| SHA1 | 0b1538c2964b0694e9c7e56be0822a9fac7162b2 |
| SHA256 | 45cb297bb0ecfe6147f07ffa96a6ab8ea4b29d9fd000220032845803ca69b9d0 |
| SHA512 | 33e3f1e92e69f24b92e9e55b1b32bc49d08f185d69a12e2576ea6b25def3bb5cb8867c84582c8b45a3b6daa199007fd84d0f4632c97ddef13200b1f716cfe842 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 937615f9de012fb6ebf75c3996aee6e8 |
| SHA1 | 428f784e48fa3e5bb867fd03c0ea2d829a2f372f |
| SHA256 | 6ca245b9fbe4fa310ca39f5b273c02ddc9737bc39e0f06d8f7c714496fb40296 |
| SHA512 | 40024707b72ef63bb467c3a44eb2d320eb55f5740a3dca320e7f48c582d09648be7cc477ce07846a9b372536e0c0332432d1bfe55aca7358e1c3a19de69d0621 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 37cd7f20d9ebda6f47a6ac0f556913a7 |
| SHA1 | 568b15993b84f6f0aea262fb0847d1246aa27015 |
| SHA256 | c80979712925e03c51146fd00c0308f5818501685ee9942e7447e69b3613f0e3 |
| SHA512 | eee27e48639caea89ae6349797cf4f3f83ded2f59ee640f67d5717f60f34e92910b63c3f8cd2171e2a0cdd16c64725d7b917542c2d22bfbd5d07be7111c4adf5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 04cd6682682954c2f6422e854beff5c3 |
| SHA1 | 5aa968e0f514f3e2de5b9339c1f9bd6b4febffff |
| SHA256 | 5279cd631a1cba3fa2fda3a0716791e73359e81c58e6f9a9b88a5ce0c55fb8cf |
| SHA512 | 3845d72645f69e22fda2f74d2c84e3919299ea15bc286c9cb34cec08da899bfb995dea5ace381a82bbd49d9cafdcc0b181c2cb0587197717e69908de45220ebc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9f54ecdb377b0e7aab1904c0cc4ae80a |
| SHA1 | 6fee0115031fba8318c555787dc905eafe30b182 |
| SHA256 | de40388e325f1fd57d5522f4c32ff0b9b2f782690591ac8946c9e5f11024b3b6 |
| SHA512 | b94b1bd4e2522c8b8b27b63ab5d1ffd597de755b0af3d0a2e1400427203c57749445724f71df69a072f61d0fcffd682bb3b0041ee2447ac9867f72e6c7f22e6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ed001874cfce9dc5dc1f0ae9a6fbca62 |
| SHA1 | 99f1802eff4afa321898f343093da0f28355aaeb |
| SHA256 | 303a945fb8b1c24b7f9e8e4b7e138fed038409d7bc2fb8ec900df4ec25c44b5c |
| SHA512 | 31c66f704a639b2f31dd2ebf36e0ab8478659996f8260804dce93e80be941dab8b44134e1699f06ad8c95d7dd1a7417f07b4d093bf0cd27e2a79bddc9e0f37e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab1f44c82f5d5221afeb7aaf03db9624 |
| SHA1 | f33b178e6502b6ec2384a1c5ace7c694544c1396 |
| SHA256 | 53aa95c27310b91eed90ccde9f5d1d2c91f57a19d3f96caaefdb0f7f909253f7 |
| SHA512 | b0c7a6a4bf337d2858658218864206c6f6788913262211e10b301762e3edcb2fc99e8b6de76b96ee4c4cd4384758dc579620321e3d00a30b27313fbd9dd293f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe6b2307.TMP
| MD5 | cf1783ed25373deaf55c7a355a8a40d5 |
| SHA1 | 99562508e6bb7f99871715d337c5927bd1170e56 |
| SHA256 | 926ecaeee34bd4b695c0446f61750e147f0dcd3355bd5509aaf43583f7acc94e |
| SHA512 | d04851d0a7bf8a7b9c07b3a56415c366eb19fa97b970aa23914373431b02037237f5c08046bf863b40d1508aa21bd73545cd7a261ba4bc962cbf00ab581333ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d0e457c710cf0c9c0924ec3ee7a3fa9c |
| SHA1 | d3b751de991ba4c3f663f58b7a57235f59d7d13b |
| SHA256 | 30afd78ff3e2cb6c0ea7c29c0fe30584e03214bc843506fe7d7078ea9b4f4043 |
| SHA512 | 6c76d547b455378c6de1afc9d2b12b3828318b258197d31eaab343752f323d135a6d10143c0a0c5c4e3e948c83e3ef723f4eb0e0db4e468ca12c604ff62c6ce2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2881b957ce7d4a9cd55949cc8b0fce07 |
| SHA1 | e6548bbd0c740b857b41e1f309a05db59c6a553b |
| SHA256 | 5b074680b11b4399318ee9afd646989492e9765bda1dc30d620dea615c83adf7 |
| SHA512 | 6991225f29da271f2a77889828840bf0326784c560adbd1e0ccb5fd29c0e8e0d175972d7f39c50824373baaa24a84d34b2e949c9144bc29f41676b8a7f653736 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c54b8e8711640034b9a55d8aa5c28cb8 |
| SHA1 | 2ee8f32e235a10c0c4411a27f07ed1414e0e0d9e |
| SHA256 | 5fea2038bd226eb100753272d010089014626825b673414552da6b1a62612853 |
| SHA512 | 3da222b7f893c248dce17e517d0062b7ebfc1e841c8c5c46553fa79ebc0633292a077a7691c214fba921af78a72852812d5ecc2b8cee303e0b5ac2fa62f0c97a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 98ccf6808ac25d0776044b364536d7ac |
| SHA1 | dba16a498d58628b8cd237b00dc63d8be9079723 |
| SHA256 | 055e3b4970de7513dfe554b51926756af4ea109ed211cdcfe9e697e29ed69424 |
| SHA512 | 59904fcc6df8f7e33047f38b4cb51bc8659f68e51066840ebaf32f917c8981a17553b9f7de8bd81e8a41d91f70f2c26eb107a8d558b4eb03284d1df5617c368f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ececccd4fab4cea86147369220904c22 |
| SHA1 | 9666e2fab7e46fb60816eee457af1ca290cbe58d |
| SHA256 | 2267790240b1604eb658158b7d93908bfa7accf1dfcc94df73a0f08c1ba142c8 |
| SHA512 | 9f7855048fda028c1c516d782b5ae03d6bb63e2e3abaa442eac119e583f7560f33f7c77c439e219f20517afbad1993ead6df144e1bf9826688e0662cd17ed34c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fa5ddd056268a85d03e1ba95be9699e8 |
| SHA1 | e4b700f5573aed578fd98e6d7e57c13defe00513 |
| SHA256 | b709b1a989cc41cce3be42bba496f8e758c9700c8b73230491369b7ababe9d34 |
| SHA512 | e2bdbe4be8b4e974fb12edf796f3e7dc85dc06b5c761febe47632b6f056c4cfe6ba0cc0d2109bfe48f4a86b0840ade8341c753d4a50fd323dd01af667839f204 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f14fdb383e247ef7f7ccbfd09f825dae |
| SHA1 | a18ffc4f100b0fbd4cc0b313e015a4abdd866489 |
| SHA256 | 72fd1a417360b921940ff5234b7c9b793301477f72de84b7e37072db03285eb2 |
| SHA512 | 0eb8374c7788b05625a1e6cb18f83592b46ea0ebc7b8666e2cae67181ceb26ba9a6793a529d58f2ca14c90420c20ad1e2151b6445353b04d36a9d56eac93a585 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 81afa9654e61a57c2b6b5f4768b29850 |
| SHA1 | adaa7d81038ee13f1e332489abd2568e1521f8fc |
| SHA256 | 8e9714ff05aacfe0e36b2bade2b6baa6d475067c8d369063cbc2f58305426708 |
| SHA512 | 7fed9ca58b557d5e95f901969b5d4a2fea477ca491a6561923133b6d27ce66d37c08c4be970901810a693550f56506b2ca33a1e0dbf2685da691e84823b5db13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 378444f5902ea9252e753f7e48d87aa0 |
| SHA1 | 82633fb7398b5b73ba5856253c36042f76214e36 |
| SHA256 | cde13cb11fbc838cc0c3a3cb7b3cdb1ceb5d9a5bcb65a65bf45fe98093c087ea |
| SHA512 | 284d93336e9a9c4438598e415b67bd6108bd29cee48b77df4e1c754b35ee5ccbfb28a61417a4568f5a94c2df8531f831cae9267f2ecbad4dc09561dcde87e83c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9b37356e8f88ae5fa54d7748f4ab0b9a |
| SHA1 | 014febb5cfbbfacafea8d4a309295c048e7a3441 |
| SHA256 | 2b7fee1d892be3d44f63c6205f1deeb4d5aa2d119fa4260cdb90aee818404e37 |
| SHA512 | 0ee513afc0da96c6404b4da1a03514c56c5f240212663b2ed3ed9ccaa88e3b92f32c694c1b8a35ddbdba9161dd82373d8d00a8f08a12f51714c0ce464f8fcda6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0e5187219cfc957a83c34b47a0d812e8 |
| SHA1 | 2f6151877f2bc6917fcb13464bc143f429b3ad20 |
| SHA256 | 330d202f0fcdd424d896cc1647c77207cea004f90fc6e1c568c16a87bcb20e6c |
| SHA512 | b2dbdd98458ec8bc67f1df436ceb9660261530c136e2ab0effe881a3e0f90976021d290fbd4ff4ea4db96116ded665234ad272bba92a482c4fb32ce9e5beac62 |
memory/7996-9085-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 100f9a3fb46720c96b0a76e9eaa545b2 |
| SHA1 | a0bea0b1c95b9a0fa595c49fca11d484c1c5bf75 |
| SHA256 | 1002efc8dccf3d79c62deefaf3da734612663291d56ac267772f01b8a408550c |
| SHA512 | a6c73304c67b1610abd02c983b916354919bed79eba51c65a30341582e991751b012b2feb8abe271f69121cfabcba0666474dc2abcf867412bf0bbb0ea6497a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | b256af9b44aeacfa6220aa4b1096a2af |
| SHA1 | 7a0b505db6a85419a547ce3e5a3e7507e936969b |
| SHA256 | 84ab6b1d735ed2c24f5cdc0c63249c33dea53923b318b4d219fac7710566c14d |
| SHA512 | 99c6c133eaf923fe709d9013fdc1076c194c454dd47b1802401a98cbf6355fbe73240214e2849c01a0591875781f22fc8d036ffc21eaeb7918ff75485c07437e |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0beb6e2225a8d34cb5e9ee733304196d |
| SHA1 | 6cd1b053c2418d7ddc54d017b5e7380c0bc8e0b4 |
| SHA256 | 095834feb7ff142620c6df22901c90e9b3b103b9ad9abdbf1e556b2de2a54d74 |
| SHA512 | d437cd58863f4ab80c5d2f4f348a731a0899b61049e1bbbae5a38be6c1d238cbbb99b7e4f7f8670f8aabe58cbd4db4079ef4a5972df30ae4070fc0caea0ff86b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f9267704774fa9a067199881af1ec728 |
| SHA1 | 945ae156dc0cf174664ff2b4f91bdf273a78812d |
| SHA256 | 2f98b949aeb3432571ba51bdad87dbae3bda04ef81eabd4b8bfc685d51b9385b |
| SHA512 | 3ecb637bd0f9ad1d8828cf0f0c69245fee33b7e7e55d1040b5da59a2ee7c82f3548c65db41bbc2ad85a1f4befdc88f3aa73e1665c0c45490f60303d03ba1e524 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dd2d0d98c68eab88ef24a5b8592cfd59 |
| SHA1 | fac3b25e4ca7a1d476a6de928d1aee6347ede170 |
| SHA256 | 965207289e8b0900d7badd7d62ddf12f8f92044b11919ae349d44bb5d60d60d3 |
| SHA512 | c1d7f44526a32aba0c8e80b983944a4e27f3aa56eb35f8bdd13178921739e7394337220472b50d137d71119f06e25b4758b05119abed1f2c10062979166a1e76 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 32043e9034bfb34b479095e218fe0620 |
| SHA1 | 734c59e04bcff0f92fde2202abd9c1309a3f17c7 |
| SHA256 | 7260dd645e8afbb96dc50b7815e6f9cce3a54b9ebee6df78f0e7c433dd2eef4e |
| SHA512 | f1693236978fa2b3d833f2f7beec7a0daf3f9ffbde7dc7f8aefdb23b5d773da56294bfc137a2179ec32dccb3e048d7f7932d32db8ecbab4f0984a7b13528aa56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 362e018ea04b44c8862f77f3b4153009 |
| SHA1 | a620a44a29c06ec335a5317e4b44ab8a2b790161 |
| SHA256 | c2fd11ae8cb401555d3dfd80baf553ad9240aa2d8223faf651ae5045b036fd02 |
| SHA512 | f1128c48d20bfb8d9df7d3350cc670c62a681ae019a91ba67adc3238e9da10473bd0fa1587882987e4449d63a179485b75609c911a7c55c926199fd3f0ab1c4d |
C:\Users\Admin\AppData\Local\Temp\{C4DAE9D6-C9B4-4838-BDC9-AAAA9E9032E0}.png
| MD5 | 589d77eadb85bdf4c192665d565882a9 |
| SHA1 | 4805582329ac6b80a045b82c04e1c9328565a13a |
| SHA256 | 4aadc5a6fa4dfbaf3b4c635760fd55476de39ef37d27eacf5c8c6daf99230273 |
| SHA512 | 65d881ad2561acde5de4ceea1b1b634ddc44735b3139ab006c957f2543d33c59df6b371e1b5234f504f435595b7ac48330d9afe1fbc85fbed4acb485d1a61bb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80828aa07f2110e33445bc9cf36617ca |
| SHA1 | b4be052df1ab8e9116084d14603b2cfb04923f4e |
| SHA256 | 3dadb6f0a62779f67cb7286b0b68c7861a49d2c60bcde120cdd053a63af5adca |
| SHA512 | 965579987d312683f6b89cdc4f247a82a45c565b40b5b8613ecfd83aabaa43223028eddc5c4790ee00ed2a7e1d918566e8852be1e3fa0f7c553dec92ead5f446 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a9942e4fae728812dc8eb46a0ff66888 |
| SHA1 | 5c56013976105496876ebbfcff7fe8d94be0b7ef |
| SHA256 | 25e457cf594b976248b637cf6e5d13e789011dd756689ff2562d13bf1d7b4558 |
| SHA512 | cbdc1f715a93ae50cf8cceca0c76753656e405e6b2c00d827f50bc958756e292fdf88d3b1562f9297fca75877b1f70897f43c140c5a647ba11d4a6c89e87e1a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c453ea4e55615539a61c5f1c7b2f9fc0 |
| SHA1 | 377096c23ccb581952c812a1e71fe50da2f6abfd |
| SHA256 | e333ebec6b29d0b3a5b7e0d129ebc243117a5f5090eb19b479bbaec55568ebe6 |
| SHA512 | e5bb2d2331c484afb5bc8a8b32fb7d75550e3afdba4ee5b9e24b0eb6f720aa353bcf080fc59bd89a9e1c5794caa7578329c2587d21b5956b165ecb95ddec0a77 |
C:\Users\Admin\Downloads\AddConvert.xlsb.WNCRY.crdownload
| MD5 | b6ff534b858d1e5c052560d7d4cf09d0 |
| SHA1 | bb0ea53638d23ab035dbea65d2766a8fee23f68c |
| SHA256 | d8b48f70479898103bc08e9d628c2eda407be4ba1890206340ecb50c84634424 |
| SHA512 | 1fec8237db58634b34221afca4fbf1bcdda2695e65cb4f9d70eb6738c19ea71b756c3c679d45746eb2e2f7da29ecb85044060250b27039ec1f0c523730417022 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7ed513fa94ecf82eb94ae5ad511de697 |
| SHA1 | ac6e4b24184ef766f3781c82377d98c9d6628136 |
| SHA256 | 72134863db8fb0b4f1317ed7376fa7f12210d787b19024b70706f9b1619dccab |
| SHA512 | d000992d40a30b24afbc217340a44f97604fc413e6932b9f8981fc6322329ffe25947d49b468b6fc559bc8286bdeed82d135a3f4dc1e2047f7c42210b81635f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9958aa85c83423b5da282ad52e97071e |
| SHA1 | 512392ab9ce3477d502d0fcc986419ec816c0edb |
| SHA256 | f4357900a236c2630e643edd6b11705b41f0e900f4482d91953cb4a429f307cb |
| SHA512 | 271c30f9af3265a58cb0c2b4a189345892ad0eb04b9d0ef1e96cd19eca1143b1491d7f3d5c39edf9c38699e00376753580015b35b124140aa3494bde833d4124 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6c151fb430441d6360b130d1b5a3548f |
| SHA1 | f4e8afcedd2a3171e38f8e0f1aabd1787ac716bc |
| SHA256 | 935adfc9ece5cebcfb7cd26ad469c526e6b90740fcba3d3053d9d48357dffac3 |
| SHA512 | 61ce7f40198dae2b632b76264c7680aaa0a05727300e60f156200e1584c731d875de7ac98bf97414ca3bf835dd028b0a637461a98d12dce0a15db8aa9c62eb6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 646f70a96f582bb09363f77e356c7fef |
| SHA1 | a018e0ce9440e66b1d791c82d498c208b39b5577 |
| SHA256 | 77ec6691746b8e4e337bf5183fbbd8a1c075663b75a9e9a443a975ff6f454d81 |
| SHA512 | c7ef94b20824b5c13d9e1794d142a9b2fa79338974663f56d44637596cf899c7732d384234b5ba5dca8b57e972546eb448dd7dbbca2dca6f9128007c31b0aec7 |