Analysis Overview
Threat Level: Known bad
The file https://www.gimkit.com/me was found to be: Known bad.
Malicious Activity Summary
Wannacry
UAC bypass
Modifies WinLogon for persistence
Deletes shadow copies
Disables RegEdit via registry modification
Downloads MZ/PE file
Disables Task Manager via registry modification
Possible privilege escalation attempt
Drops startup file
Modifies file permissions
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Checks whether UAC is enabled
Sets desktop wallpaper using registry
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Modifies registry key
Views/modifies file attributes
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Modifies Control Panel
System policy modification
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-09 18:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-09 18:15
Reported
2024-10-09 18:28
Platform
win10v2004-20241007-en
Max time kernel
752s
Max time network
754s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Wannacry
Deletes shadow copies
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\windows\system32\takeown.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD6E89.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD6EA0.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\windows\system32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\windows\system32\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muueckti936 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\wlp.tmp" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\rcur.cur | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\ui65.exe | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\logonuiOWR.exe | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File created | C:\Windows\rescache\_merged\2229298842\2338367480.pri | C:\Windows\system32\LogonUI.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| File opened for modification | C:\windows\winbase_base_procid_none\secureloc0x65\WinRapistI386.vbs | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MrsMajor3.0_2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Cursors\Crosshair = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Cursors\IBeam = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Cursors\No = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Cursors\NWPen = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "194" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 18083.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 910102.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 440758.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe | N/A |
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.gimkit.com/me
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd3d46f8,0x7ff8bd3d4708,0x7ff8bd3d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6216 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x2f4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3528 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7576 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 190641728498266.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "muueckti936" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "muueckti936" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7308 /prefetch:8
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x2f4
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=4756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18141172244034908136,2181426297892469072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\MrsMajor3.0_2.exe
"C:\Users\Admin\Downloads\MrsMajor3.0_2.exe"
C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe
"C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe"
C:\windows\system32\takeown.exe
"C:\windows\system32\takeown.exe" /f C:\
C:\windows\system32\icacls.exe
"C:\windows\system32\icacls.exe" C:\ /granted "Admin":F
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" /r /t 00
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3859055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gimkit.com | udp |
| US | 54.91.6.89:443 | www.gimkit.com | tcp |
| US | 54.91.6.89:443 | www.gimkit.com | tcp |
| US | 54.91.6.89:443 | www.gimkit.com | tcp |
| US | 54.91.6.89:443 | www.gimkit.com | tcp |
| US | 8.8.8.8:53 | pro.fontawesome.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.40.68:443 | pro.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.6.91.54.in-addr.arpa | udp |
| US | 54.91.6.89:443 | www.gimkit.com | tcp |
| US | 54.91.6.89:443 | www.gimkit.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.40.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 2.18.66.83:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 83.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.66.163:443 | th.bing.com | tcp |
| GB | 2.18.66.73:443 | r.bing.com | tcp |
| GB | 2.18.66.73:443 | r.bing.com | tcp |
| GB | 2.18.66.163:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 163.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | 143.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.143:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 2.18.66.64:443 | www.bing.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 64.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.66.59:443 | r.bing.com | tcp |
| GB | 2.18.66.59:443 | r.bing.com | tcp |
| GB | 104.86.110.129:443 | th.bing.com | tcp |
| GB | 104.86.110.129:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 59.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:53959 | | tcp |
| NL | 178.62.199.226:443 | | tcp |
| NL | 194.109.206.212:443 | | tcp |
| FR | 212.47.240.10:443 | | tcp |
| HU | 91.219.237.244:443 | | tcp |
| US | 128.31.0.39:9101 | | tcp |
| US | 8.8.8.8:53 | 244.237.219.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| GB | 2.19.117.148:443 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | 148.117.19.2.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | | tcp |
| N/A | 127.0.0.1:9050 | | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.66.42:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 42.66.18.2.in-addr.arpa | udp |
| GB | 2.18.66.42:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:9050 | | tcp |
| GB | 2.18.66.42:443 | r.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:9050 | | tcp |
| US | 199.193.115.2:443 | | tcp |
| US | 8.8.8.8:53 | 2.115.193.199.in-addr.arpa | udp |
| N/A | 127.0.0.1:9050 | | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_4236_AVVNRONSIRXLRZFA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e12293d2e937eff6d6c372c00c23942b |
| SHA1 | 225049f0d5e959d4cab169c63912c6269dd55025 |
| SHA256 | afaf04368a0fec1a0bb3d456990547f631038ed3c15915de5063e05bbc2111b0 |
| SHA512 | 19138e1ee60d45f4202632c3b00d5b3d32972da9815ced90f57b94f89c8d55d66eebb739ba08395f5915d9367b0349727987e158983dc6809101569c4b8b6b08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 994aef0794122012fb79202e8f4d4fd9 |
| SHA1 | 8d20b5b0e6d0e44f40082520f91f9c71d3913b8c |
| SHA256 | bb12832efa7b35b38e65fc6a7df405c3cdb4f0c70aed6cf9837ae7d52662ae83 |
| SHA512 | 0a68b6e23e6e0a6a382b3cebf558b92ad3d820f0aeedab7bd430eb4ab23772d9fe8a3ce2a171b0e295ead5ccc18ba0aa3a09dc5fd588d82fc3a5108d454458b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1255c96a4bbfed67501f257cd739daf0 |
| SHA1 | 21cca81ec5b68fcd9c6f602672debd4d33452a01 |
| SHA256 | 00b9ca9487ccfc2bce4948ddac0c9374e40fb25eec86ee984400b39cadc0d5cd |
| SHA512 | 5bd6489131a9d89cde25013581a07fcab22ab8e068fa05546faef884ab4653b78de2fbde9c18bd0c370ed5b3e94ba5162aff1f4443822e31576ffb5bf1c0ab7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea02.TMP
| MD5 | ef15c753a47facf8d66f571894f98481 |
| SHA1 | 24e0a477ff3fefd4dd870b997218a4cce4616663 |
| SHA256 | f12926624305f71d9c35c1a12fbdfe4ce619ec7021374100abd92afa99df1c28 |
| SHA512 | de283a5b3e38507ac7945c9564a7cce18b5936fa8724e2f11f27acc3b2f42de89e7992379efa9099170e84c77bb17e5de3bb9d67b551e75bf7cd6ad043098b29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cfef4a620f8edd1118e45fbf94cf32fe |
| SHA1 | b7b5e7a96f6ca80886894f5f0201c541f370eb27 |
| SHA256 | eca26d7b58075df7b6f4f97a5d1586825fe0289ab9c3e35ba14b510ea0138e23 |
| SHA512 | cd0ed2160499a57d07096cf45795a0879c7605cf0e0f5e0c28c67924ac27f85de93f4a23cb6d619a3f99bf9dca995f20e590d34644c232cab65860834d0c65ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 222c19282ccd1076f967545266c333e0 |
| SHA1 | 6d74f4d7d48041496365d8de7adbda22b0f39a3b |
| SHA256 | f456bd2f3dbaac6c0fae19d22a4e92a7ff3b99307de2d2ffa48564962d5fd2be |
| SHA512 | 4372bf1c9a34025b8cba1bd1aab50007467faf425f20342a71f64be75b4156ee96226154a7d308bf87133794f771d0322732e755c669f64b647b0483aac56a99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e4d00640b4b387be0259456c17084c1 |
| SHA1 | 586736c2f96120e2823a4750c508401c16d00635 |
| SHA256 | 4c0871e477243c7615973e435ce00d74f2df74358daccf47b671e566dcf5e0ca |
| SHA512 | 72fb39b07ed919334c643a3b45ecabeab449f36f3fc43aebb9b4d11a6cf60bad661692a71b4d229bb41f7098d55b16eedaaf30ed0b41e32816c97d9125ba4fc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ebeafe163c29335324172f62a8ab0ea7 |
| SHA1 | f4db948c1b13d4738b6b4f7f699e68bb906481d6 |
| SHA256 | 1c83bedceb75ae9cc2459c59a2009d290a343766d69bbb172155b1adc6bd7989 |
| SHA512 | fd05c853733de8579487e154333741fd4c3e8cabe32c79f1ed180a3060b1e096504ef6aeab8164f85a38ed41225b1543a517bd14aef78f45a7b68e475e35f9ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 450e13dfb27f561e95ce4dba65b73287 |
| SHA1 | 8483814e73d8c48426248a86419f5662d1ca0b72 |
| SHA256 | 9877ab8f6d898f031186c3032a9ae015953722faae0b1068724834e085f871b5 |
| SHA512 | ac5ce4241a486b784f89d8dc4d6c94c4123666208f6328743cc70f90a91245f7facd9a294a79a1f6c1d933fc12b6e6f5edea16344a56df3271403b0f60f44b33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ffbc1ea0c5b90d8b7bcd0aea6bf49b4 |
| SHA1 | 51a0b5dc26fcbe96f33721efd9faffeae2ca863e |
| SHA256 | 655677d1ef82f3198b511687c12af80b66006c6da6c3936d7fc9ec66b568d34e |
| SHA512 | f8bb2c26de8833396f6c43465a6a92ef9533138d790d9e375e2c2458826ef93e9f70e06a945ac4474265592bf6b940a74a6b8ae3b4b3798e4cd0b83214155646 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4887c7a19b814684bef7ef013d4bd47f |
| SHA1 | d1db955a3fde5b92cf01e75f7ea511fe101def89 |
| SHA256 | e0e1adcf4de1ca81eb811ddcbf1367bd395e37981c1bd878483afe4bf882b52a |
| SHA512 | c66f7fe5f334303b6758ca297082f46ec0cc533f311c5d4a798a8ed25bc4a49d5805488c4ff798bd21af9ad3c57a37047728d1868eb9b55b7d92b79018dc658a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 779b988e342eda20ad0fcf280ddc6fad |
| SHA1 | cc0943a98b9e435152f0b9b2af935d023fc26c85 |
| SHA256 | 79284642b5219fa2915adb821b4c04f7a7fc891f3b6578d90d05a2982251a2df |
| SHA512 | 2333914cfa596d1f691c7b894435fe064d2d53f42e674803727571186b11e3fe31b82faf66cadc50cf79e8275440132aed29ea1253c2bd3f95b70a8da480f66a |
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip
| MD5 | efe76bf09daba2c594d2bc173d9b5cf0 |
| SHA1 | ba5de52939cb809eae10fdbb7fac47095a9599a7 |
| SHA256 | 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a |
| SHA512 | 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 52e8cfede50a9a62381123406747e798 |
| SHA1 | cca60f6eb28aecee90e536c65aa381156f16aa19 |
| SHA256 | d42b5cfdfb54e5f2538e1ef8177da59f9e053e87a3a4f1e3a625139fa2650cf3 |
| SHA512 | 5805d2fc050187f97accf951f7dc3bc6c6d1d7dc9b819a2f652972415a04851723f175174dda1cc64837796182100214e173e3f36ecf89c8de71601f7a507c9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7536ffb823f3bc8ebecba293f33caa5f |
| SHA1 | 7d9b519a46b973a4a50c4bf9e5c66eeb370a66b1 |
| SHA256 | be0ae1c3e67f206205ba22cf93fa3d9b2629848c319284405329581e98da8472 |
| SHA512 | a4eb2f60ddfe27c0ab02ea8cc2a5db073de8143327cfb828567a0bdeb8147d0a03a72ae6670c04c74aba1d2aacfcb4bb525123d40d5308cc76c56faa9be3dfc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 58d3eaed0ab20c04c34be1e20729bdb8 |
| SHA1 | d5a3329912ce6c7e31e6cf02ac4c0af436897a25 |
| SHA256 | fb2f53c04949674c7b22cf7b44651119ddc82865dbd088354a3ee8d5289c4c8f |
| SHA512 | a0017f26f889d80b44e63aec46b0a6dc77522acb55a9760b56fbf2eea8e162d124d7ca3a3cf9d9935d64070fcfcbb84324707f955e987452e24b19bbfe3bac08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4bd02a31c04e8c40b3267a476f68ba48 |
| SHA1 | a78c11192e1b5f593c6a28e08ebf21585599f5d2 |
| SHA256 | cb45f3155a63c9100df57025aaface22b29dee6f718f2e00b930233cfe7e32eb |
| SHA512 | 9e948e82f9afb018c00403516e183990aa08887134e24cd966458031812cedfc8f22791bb49d7ebbf13bbb90287e65b8699983b5526a506d1a0b640bf9a28a54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a164081bf87cf34fd8fadf6486d5f158 |
| SHA1 | 7c2b7fe14ea958a9b6075c107fe049b77a421f34 |
| SHA256 | 5a0d157a2165db6194c0154e8471323e46b36e4b00099321901da6096dd5acf1 |
| SHA512 | 64d9cec6c152d9717a6d075a7ef23ef79da85a990e081c7d2bdf56cb3a78fe0e601f46e7116fa5401b23a3efc5c2b7e08fe574d46f2fddeedf72e72229b1d879 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6fc0540e3d52d153eba439c342a68634 |
| SHA1 | dfb51db03e3d839fb06860edd5217cef735599c0 |
| SHA256 | c0ed051a76c3d290764aca5e52d4c40c287d69949a184f9cb7eeaae3d76c4582 |
| SHA512 | fa67412239dc8b9ee2e1e42eccef0d77866953dd3905b7036a125d23a9558723fe6a269561b18df011cc553823d40865507d9770b552c59e07668f93d655d0da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 478445ff58ebdbd0d181501a92cbd645 |
| SHA1 | 4ea24b939846365864d92dcd314e48880e15f5f0 |
| SHA256 | 182cafc0fab851aa2b3e3b8beac3ad3810ec11c0eb61c40560a892d6b67131b5 |
| SHA512 | 69bff98546b193a20ff0145b37272508156d8123e9be586c8404ab85ef90ca3374b6a76d87a7fc78bf0010d009f09a632310d50e72795d8740c17ba93f977566 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1ec3a09dfe1ff9049b5856ff83a0bb1a |
| SHA1 | d5a671f8fec09b2efa915c803f22dd8f724a0c96 |
| SHA256 | d222b4b8e4bbd36c52d34e5a039251eef2f57893f248c04d732b331cc94522cd |
| SHA512 | 2f9bd6183d59ed747bb32f7a7a95ead5f422a3982aa975ecbf32b999e406306346d2b7b5fe7617c0c3cd35353d3811d28baa0c6c14bbcfff049fe6144befa3f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 4308671e9d218f479c8810d2c04ea6c6 |
| SHA1 | dd3686818bc62f93c6ab0190ed611031f97fdfcf |
| SHA256 | 5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a |
| SHA512 | 5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 76a3f1e9a452564e0f8dce6c0ee111e8 |
| SHA1 | 11c3d925cbc1a52d53584fd8606f8f713aa59114 |
| SHA256 | 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c |
| SHA512 | a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 7eab02c9122098646914e18bd7324a42 |
| SHA1 | 5e2044e849182f1d3c8bcf7aa91d413b970fc52f |
| SHA256 | d58d66c51a1feb9af55ba4a2dcf2c339b7976dd011fbd5d071ca86b9d7f58a42 |
| SHA512 | dbb0f94de62d7d77d4bfe6c298043c559a0d4bc117bd7dc1d627caabffa8e712cec5e3adb4a737b350429493ac0ebfb81c8759aebed41b30218d0e7ff6f3196f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | 54c5cfa21b9a69038a2f0c3631c289af |
| SHA1 | a4abe737b3994842c63a4ccb9b61ee35900ed5d8 |
| SHA256 | 06ae0f8e14703a48f12c136b395b58bc0a7e71b745d697851e041c2d1d901336 |
| SHA512 | 4236bd5fabb880691e090e44c6847aaa206280d837e6572dbc9d23faf28fed5d914e9e8be3cdc4f3583fe6bcf85369a56aaa4a8744233af98baab96692f3d64c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 2e23d6e099f830cf0b14356b3c3443ce |
| SHA1 | 027db4ff48118566db039d6b5f574a8ac73002bc |
| SHA256 | 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885 |
| SHA512 | 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 4859fe9009aa573b872b59deb7b4b71a |
| SHA1 | 77c61cbe43af355b89e81ecc18567f32acf8e770 |
| SHA256 | 902bb25ea8a4d552bc99dea857df6518eb54f14ffa694f2618300212a8ce0baa |
| SHA512 | 6f12570d2db894f08321fdb71b076f0a1abe2dba9dca6c2fbe5b1275de09d0a5e199992cc722d5fc28dad49082ee46ea32a5a4c9b62ad045d8c51f2b339348be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | a6f79c766b869e079daa91e038bff5c0 |
| SHA1 | 45a9a1e2a7898ed47fc3a2dc1d674ca87980451b |
| SHA256 | d27842b8823f69f4748bc26e91cf865eceb2a4ec60258cbca23899a9aef8c35a |
| SHA512 | ed56aaa8229e56142ffa5eb926e4cfa87ac2a500bfa70b93001d55b08922800fe267208f6bd580a16aed7021a56b56ae70dae868c7376a77b08f1c3c23d14ab7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | fed3d674a2f247d846667fb6430e60a7 |
| SHA1 | 5983d3f704afd0c03e7858da2888fcc94b4454fb |
| SHA256 | 001c91272600648126ab2fd51263117c17f14d1447a194b318394d8bb9b96c5d |
| SHA512 | f2b9d820ac40a113d1ab3ed152dfed87322318cd38ba25eb5c5e71107df955b37448ab14a2779b29fce7ebd49cc0bbafbd505748786bc00cd47c3a138aefdddc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
| MD5 | a214ee4c8729f2e26a7225bbe67b3bb9 |
| SHA1 | 5296f880ab69325a578e7ec793e75ee0851215a4 |
| SHA256 | bde9dc60456aa92499092be020668a84fc5a8ffab28cd98cbe8b5fb66bb089c0 |
| SHA512 | 1343ffe9a0d1193c953143eec6d6a3b23c3e7d88aaf0acc124a9360b1cc1ae34c69070ee7eb6bdb9c2b7326e79c40888cde6067c8a6b9376f2a2911999f86175 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | cfff8fc00d16fc868cf319409948c243 |
| SHA1 | b7e2e2a6656c77a19d9819a7d782a981d9e16d44 |
| SHA256 | 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a |
| SHA512 | 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | b6b2fb3562093661d9091ba03cd38b7b |
| SHA1 | 39f80671c735180266fa0845a4e4689b7d51e550 |
| SHA256 | 530eb1f6d30ce52b11c3844741721eed669decc69060854ddb6666012c6e9e20 |
| SHA512 | 7c3f88910bb87eb58078104290d0a6fc96bb34705974bf93e6dffd928160a9f28e34d879f015f0a05754f56aeacc462e27ba3f332e9dddd6e3879c5d97db5089 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | 76d82c7d8c864c474936304e74ce3f4c |
| SHA1 | 8447bf273d15b973b48937326a90c60baa2903bf |
| SHA256 | 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8 |
| SHA512 | a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 1b6703b594119e2ef0f09a829876ae73 |
| SHA1 | d324911ee56f7b031f0375192e4124b0b450395e |
| SHA256 | 0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0 |
| SHA512 | 62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | ca39c956585ff3441ed99f219a95908e |
| SHA1 | c17d8ac3a1fa156abb4d7d6f4799bbabc09966b1 |
| SHA256 | c23e03e141a70b1967f6d62a272ecbc588655211752e250f9173bebcc61127df |
| SHA512 | 57b5cbce513d2f1c698e4ca82cb9b2ba1c26d7b80f21e4efa77493d0053943bd5a8eaedc3dccb23192c0145dc411a99a86356777e95afa78ac616ce3f5189a5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6bc6ca23f2832b8bbca8069ed416cf06 |
| SHA1 | 75f00b7fc407b294fe46c206fa790638ebc5f8b0 |
| SHA256 | f73dad2df032a311686efb0348fd8a96e74d2249341114a86ed8f045584085aa |
| SHA512 | a2de7f444fc4ae25376b8cca77104b4963cd046cb9ec9aef744c184d4699612f83764dfd7af53cefaf31ca0810e1cb098f51d860e3979d2a2d6e06e6151524db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4739c7ac888582f14c770640f8c2bae5 |
| SHA1 | 4623ed4ca51d3bb7a1bda4c315ae79b025d19e3c |
| SHA256 | 800bb5966be54ffd74a3a143a3cc1f936a06dd0805407590d442dc001ceba380 |
| SHA512 | 88ebc88b062e9ece2e39dd5d7fab5a6e18574f446bc1e22a2285da90dc72bf72fd43c1b759076670a95e31a6ac980c97669b2c0a8f2b0a3eda90329eb99f60ac |
C:\Users\Admin\Downloads\Unconfirmed 18083.crdownload
| MD5 | 84c82835a5d21bbcf75a61706d8ab549 |
| SHA1 | 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467 |
| SHA256 | ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa |
| SHA512 | 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f656e000a1489eb5765dfb4664677a08 |
| SHA1 | 191d82584e7ad19c56eb78472889543bfea95d0b |
| SHA256 | ac386b100143368aea6b50555f15cf144d3d0d1d9519d1ff4946fefd216897d8 |
| SHA512 | 07febcb62b92cb76505b698e6e82f7dfa91ca944f5bc0bff4f955a5ef6ce5f280c465feafc40d26d25143a9c2837221f37d8aa6eb18c1eb4a914c98ccd1628b1 |
C:\Users\Admin\Downloads\msg\m_english.wnry
| MD5 | fe68c2dc0d2419b38f44d83f2fcf232e |
| SHA1 | 6c6e49949957215aa2f3dfb72207d249adf36283 |
| SHA256 | 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5 |
| SHA512 | 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810 |
C:\Users\Admin\Downloads\msg\m_italian.wnry
| MD5 | 30a200f78498990095b36f574b6e8690 |
| SHA1 | c4b1b3c087bd12b063e98bca464cd05f3f7b7882 |
| SHA256 | 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07 |
| SHA512 | c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511 |
C:\Users\Admin\Downloads\msg\m_indonesian.wnry
| MD5 | 3788f91c694dfc48e12417ce93356b0f |
| SHA1 | eb3b87f7f654b604daf3484da9e02ca6c4ea98b7 |
| SHA256 | 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4 |
| SHA512 | b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd |
C:\Users\Admin\Downloads\msg\m_german.wnry
| MD5 | 3d59bbb5553fe03a89f817819540f469 |
| SHA1 | 26781d4b06ff704800b463d0f1fca3afd923a9fe |
| SHA256 | 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61 |
| SHA512 | 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac |
C:\Users\Admin\Downloads\msg\m_french.wnry
| MD5 | 4e57113a6bf6b88fdd32782a4a381274 |
| SHA1 | 0fccbc91f0f94453d91670c6794f71348711061d |
| SHA256 | 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc |
| SHA512 | 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9 |
C:\Users\Admin\Downloads\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\Downloads\msg\m_filipino.wnry
| MD5 | 08b9e69b57e4c9b966664f8e1c27ab09 |
| SHA1 | 2da1025bbbfb3cd308070765fc0893a48e5a85fa |
| SHA256 | d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324 |
| SHA512 | 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4 |
C:\Users\Admin\Downloads\msg\m_dutch.wnry
| MD5 | 7a8d499407c6a647c03c4471a67eaad7 |
| SHA1 | d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b |
| SHA256 | 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c |
| SHA512 | 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12 |
C:\Users\Admin\Downloads\msg\m_danish.wnry
| MD5 | 2c5a3b81d5c4715b7bea01033367fcb5 |
| SHA1 | b548b45da8463e17199daafd34c23591f94e82cd |
| SHA256 | a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6 |
| SHA512 | 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3 |
C:\Users\Admin\Downloads\msg\m_czech.wnry
| MD5 | 537efeecdfa94cc421e58fd82a58ba9e |
| SHA1 | 3609456e16bc16ba447979f3aa69221290ec17d0 |
| SHA256 | 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150 |
| SHA512 | e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b |
C:\Users\Admin\Downloads\msg\m_croatian.wnry
| MD5 | 17194003fa70ce477326ce2f6deeb270 |
| SHA1 | e325988f68d327743926ea317abb9882f347fa73 |
| SHA256 | 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171 |
| SHA512 | dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c |
C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry
| MD5 | 2efc3690d67cd073a9406a25005f7cea |
| SHA1 | 52c07f98870eabace6ec370b7eb562751e8067e9 |
| SHA256 | 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a |
| SHA512 | 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c |
C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry
| MD5 | 0252d45ca21c8e43c9742285c48e91ad |
| SHA1 | 5c14551d2736eef3a1c1970cc492206e531703c1 |
| SHA256 | 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a |
| SHA512 | 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755 |
C:\Users\Admin\Downloads\msg\m_bulgarian.wnry
| MD5 | 95673b0f968c0f55b32204361940d184 |
| SHA1 | 81e427d15a1a826b93e91c3d2fa65221c8ca9cff |
| SHA256 | 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd |
| SHA512 | 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92 |
C:\Users\Admin\Downloads\msg\m_turkish.wnry
| MD5 | 531ba6b1a5460fc9446946f91cc8c94b |
| SHA1 | cc56978681bd546fd82d87926b5d9905c92a5803 |
| SHA256 | 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415 |
| SHA512 | ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9 |
C:\Users\Admin\Downloads\c.wnry
| MD5 | 8124a611153cd3aceb85a7ac58eaa25d |
| SHA1 | c1d5cd8774261d810dca9b6a8e478d01cd4995d6 |
| SHA256 | 0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e |
| SHA512 | b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17 |
C:\Users\Admin\Downloads\r.wnry
| MD5 | 3e0020fc529b1c2a061016dd2469ba96 |
| SHA1 | c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade |
| SHA256 | 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c |
| SHA512 | 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf |
C:\Users\Admin\Downloads\msg\m_vietnamese.wnry
| MD5 | 8419be28a0dcec3f55823620922b00fa |
| SHA1 | 2e4791f9cdfca8abf345d606f313d22b36c46b92 |
| SHA256 | 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8 |
| SHA512 | 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386 |
memory/2088-1165-0x0000000010000000-0x0000000010010000-memory.dmp
C:\Users\Admin\Downloads\u.wnry
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Downloads\taskse.exe
| MD5 | 8495400f199ac77853c53b5a3f278f3e |
| SHA1 | be5d6279874da315e3080b06083757aad9b32c23 |
| SHA256 | 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d |
| SHA512 | 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4 |
C:\Users\Admin\Downloads\b.wnry
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Downloads\taskdl.exe
| MD5 | 4fef5e34143e646dbf9907c4374276f5 |
| SHA1 | 47a9ad4125b6bd7c55e4e7da251e23f089407b8f |
| SHA256 | 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79 |
| SHA512 | 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5 |
C:\Users\Admin\Downloads\t.wnry
| MD5 | 5dcaac857e695a65f5c3ef1441a73a8f |
| SHA1 | 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd |
| SHA256 | 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6 |
| SHA512 | 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2 |
C:\Users\Admin\Downloads\@[email protected]
| MD5 | 7a2726bb6e6a79fb1d092b7f2b688af0 |
| SHA1 | b3effadce8b76aee8cd6ce2eccbb8701797468a2 |
| SHA256 | 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5 |
| SHA512 | 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
| MD5 | 0acc415c0de2c9e3ae44bef2116f3739 |
| SHA1 | 4775c7255ad00125b311952f6e95e826386dfc1a |
| SHA256 | 3b6867ad5cf21b8171996d5c8daf6c4c51e7c5eec504bcf8f056aff782f8a851 |
| SHA512 | 93aaeab66a6f46661a5224392ddc286e39d897b729d7e0b90091e3579ab863b574dac0bcd68f573fc628763c7af6a1163aee4bc5ee197d8d2e049c090681dbf9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a9f111c651c01b739cb2ae898ebdbcf8 |
| SHA1 | 6dc98d3978a3de05fa09321f685884ef50a6179d |
| SHA256 | a416a2098a96f8b74e56bf49837f16942891150502b77a01205c0c45a85b2c79 |
| SHA512 | 1b51754cc91d9a025537a5a5253b70171e48d2e657e4e4952cf63efed3fbd2665d8f900f66e50126796028336c19613fce5fe0aace8f06db509c4429f96743b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7d8c4cc4d92257e949bb181381755c81 |
| SHA1 | e05e2c2d6640e4e69932a5c6e45dcb3eecc531ca |
| SHA256 | 399fa9adf21aaee840d427c0c9e499c9ddf8e5482849607ea552117bccf96da9 |
| SHA512 | 0e919604166be35d3b4b5306701587da5ad891eeeea05eac80f6200eb0d7dc070f88e992ae417415f641d76ece015fa7c59c505f13426c65a1ba388ec52d3f8e |
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
memory/3732-2718-0x00000000744B0000-0x0000000074532000-memory.dmp
memory/3732-2721-0x0000000074480000-0x00000000744A2000-memory.dmp
memory/3732-2722-0x0000000000CE0000-0x0000000000FDE000-memory.dmp
memory/3732-2720-0x00000000741D0000-0x0000000074252000-memory.dmp
memory/3732-2719-0x0000000074260000-0x000000007447C000-memory.dmp
C:\Users\Admin\Downloads\msg\m_japanese.wnry
| MD5 | b77e1221f7ecd0b5d696cb66cda1609e |
| SHA1 | 51eb7a254a33d05edf188ded653005dc82de8a46 |
| SHA256 | 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e |
| SHA512 | f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc |
C:\Users\Admin\Downloads\s.wnry
| MD5 | e9d704af8c031469bc8f64f4072e6666 |
| SHA1 | d9996b97d77033e58c47356368d899d38c777b8f |
| SHA256 | 5732a37492cde541caea672d8cf5ef842020c0042d32e90b59e1eb5c67c2d5ae |
| SHA512 | 82db1130b872965b0037d10b43dd73c4ce17d2cdfbc418fdb27f5c7333bf4fa2dd8d49953009f4946a6ab7987f2301961bf735458fcf859d4c71d2b8f7c50472 |
memory/3732-2854-0x0000000074260000-0x000000007447C000-memory.dmp
memory/3732-2853-0x0000000074150000-0x00000000741C7000-memory.dmp
memory/3732-2852-0x00000000741D0000-0x0000000074252000-memory.dmp
memory/3732-2851-0x0000000074480000-0x00000000744A2000-memory.dmp
memory/3732-2850-0x00000000744B0000-0x0000000074532000-memory.dmp
memory/3732-2849-0x0000000074540000-0x000000007455C000-memory.dmp
memory/3732-2848-0x0000000000CE0000-0x0000000000FDE000-memory.dmp
memory/3732-2858-0x0000000000CE0000-0x0000000000FDE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e27d2656536b4a0bfaf1e4e3d8f381d4 |
| SHA1 | 79523f0b4da1fe0cfb09637d5a26f6a2cd6a1ab5 |
| SHA256 | 9459bf93aed86495e3a9879572ff3436f669f66dfc84370bf80b41b6c2692b8a |
| SHA512 | 2004057b36c65555b8780848c66078fde19247633251af14ca6b4a614eba0319c73241d8689f9981e4a10259c30c22a8ca657951e525ebb8d94929a1e27aafb2 |
memory/3732-2874-0x0000000000CE0000-0x0000000000FDE000-memory.dmp
memory/3732-2880-0x0000000074260000-0x000000007447C000-memory.dmp
memory/3732-2886-0x0000000000CE0000-0x0000000000FDE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db04e085610fd4e220af649d685c1d86 |
| SHA1 | b1dcb92cb4879bc53058d81cd2565c6526b612ea |
| SHA256 | 11d0ae2a16cb5e8d90342eda2e538c835ad0eda14725d7aa41ce900d488a618a |
| SHA512 | a1752dcb45280d1b9aa0c6bc05af5f4b614cbe80c07f6e99facd3e6c6d392ea74a57b301b87ae5832e20649988933a2a97d936974359540ce599c981d5419af9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 584710ce0b36f4e88bc8ff018722b255 |
| SHA1 | e1dc51909a2256f7e668eb952eaddf67b978aad5 |
| SHA256 | 7cfbd745faa4bbcc0a669d7cf885c36b43558a13a79b3a7c3eb166b3efad7fad |
| SHA512 | 657f9c44f505d2c299b8dca5ac6f49fdc348dbfffda13cc39e70d560ae316f060e1250e51663a22c524ebce79f29e7ee12589097c0948be0efdf6462ac815a92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 17b6743977bcc7a7bb29fafc37f142d5 |
| SHA1 | a06d514d3d380b8c28696bba059c62cfc54deaa2 |
| SHA256 | 7475e9358cc8ec5ae95b1b485ae0f5dfea9f22c375f9ccd1107b53025f71e3e3 |
| SHA512 | 1696cb3834251d9f4c1a2bd5d884d06a5efe2b53e15834f9f78d60bfb186977abedb007a37eedf3a23b9347ee44853c1c715fa50faee04b9bc8cf0d3e712b5e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8dfda389b0560ceed34a757c32b7b4c3 |
| SHA1 | aea247afdf831ffdc5cc99503a3918975bbc6129 |
| SHA256 | a8000311835516a6b500b7a7c2a838d500dcdb1e1237eb01327429dae71c1dd1 |
| SHA512 | 6690ee8c70065abdca5484ae46e294c26685dfe14723e698b89f76d062f500b66574fb83bf07ef862e0aefcc6264665087c7998066b9d1c4e861815a44d72640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2cc273a8eed59f51842f55c5aa58c27f |
| SHA1 | 0a674f644c87bb4e0dd304f1097b2fec697c60d9 |
| SHA256 | 78608879e046d57f2bc10616a23dcec39f4485e4ac42071c7428c4163a622b28 |
| SHA512 | 9bcb1a79e2b07ea96f35a068b11d2faa1742147e6443820b44bec1c84ba6a2f463c56ce9572dc7e8fa154477e6df12ae905030d3ba6b8b33bedee692fc6fe16b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 73d4daf24e00d987f7fca6df5d5f7fa3 |
| SHA1 | 5acf49ae2b5848d6d665898ab7e9eebd6982a3c8 |
| SHA256 | 394d2f684f0d2eabf9416eb116615d122e6b425c54b7250d6c6ab5dcdfdd7a36 |
| SHA512 | 8e9856502e4b06d2449a43c46769d0bba214bea232ae6390f22ba2fa474db32b6e6e8345efd215afc35b337f9a1e89793ec07105cd590bb71bf2ac40f3ccfed8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fc7c5187536c7d9e3ed03b4187affb3a |
| SHA1 | 1f94bb88f903ef152fb66f41aca05008dd5bcd65 |
| SHA256 | 4ae71dc72a444b927f5d3e36c3590b2ec03d4701fcaefd5001b8c496de64a42c |
| SHA512 | 1a11b6628c6072211edbc84c2723973e7f5d1d6c7ed7bfc4b4ade1ebce68dec9507f4f6655639e409d2997ae19691f2725c5b35aa91c8e83850b72d610ecbfa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0bbefd80df1a963f70fe4d87da8b5c8b |
| SHA1 | c67a9b865379b3ba3122888a15d5654176f5884e |
| SHA256 | 36b2c6221a0ad625345f4bfcd3580f937644b4de70bb4f31a66a5d98f4673816 |
| SHA512 | 303bacd3a3126a4cae10c79792d6487c0be11d869d7ade7c6899a00b60ec72d4723b7cd52ee697ad13cc78fde73424f409f6aad750b5700d4da6225131882ee9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13a571fe3e7dca73_0
| MD5 | b9614cb6642e6b98d6c0d6b58caf6e12 |
| SHA1 | d643d70cd84182e56e8cb03de4790e1cc18549d9 |
| SHA256 | de59b145fbe68d7fc334168f2cc9155b7f80f51a53e05834a99368ee6f18defd |
| SHA512 | c2d0a3c97fee981a9f98439cb786df6f5ab7ca733f7b4e1e19f91ed51191e55ee9e8f01dc8bd825eba90ba0d399ca49aa0aabd64e590e71c196a81ee24a73a06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\719a37e8355bea4c_0
| MD5 | 4cbb7934e3c628b8705b9965c078960b |
| SHA1 | 1f3a4f8f726e6cd75f00a7f5437e0810256a8da7 |
| SHA256 | b79d9cccb7d3d5469cef7286538d385bcff65b0f9e76e3fb2bc483217d6a1e30 |
| SHA512 | 8d14a038b2ca3955af21211a6a5b9647a2c4b37c7fde198f6fa10dfa22de0312aa36548b575474e7d6883bf9c1cfa3ff7606664fac68b93826d4d4a03e45ef23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9be154965f9c63741b4e3645cdbcae96 |
| SHA1 | b8b5bbbbf1a6b43c98bb4f4a1e20a5a280c54a4f |
| SHA256 | 181508f1ef4f13f4d79f35a3b84c60a0f76cd2035b31434853698c37dc38d3de |
| SHA512 | d61f02f49f3a57d15dff28af6ccd3be5dc6cb2e0f61e9fb3d1a5cc49353de9ebd395bbe021fedcc8b12eb72b5b488fae2635f5330226fa8569d56c115527f875 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b77ccdeada8f20bcdeaea3202b852175 |
| SHA1 | 7d807b366a3dc31fdf636331da293c6d79e55a27 |
| SHA256 | 4ffea818078420ee845c752993e0b04f9ad0eb0e416bcc745f1761e43f1e761f |
| SHA512 | c4fabeb7c2f108907b20a48545a6fbfd54d296711a5f0eacf588162060c162c0a64e08f82d0f12a2fc51fc8cbaa28ec92d2acbb4236353bc093a9404160d6cad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0
| MD5 | 032a4f9ba01f4bb4e791bd832388b949 |
| SHA1 | ff08d94473891fe7b414c32d92d7cad3e921c97a |
| SHA256 | 1114c0c767c10591b752c0b015487f79af287367f8bff1f3a808dd11acb05823 |
| SHA512 | ae2bcbf36033cfa84316440ffe9afa3a032e4f4330fef125f436571ac3509b91604038951512be573de70810aaecc19daf54788d20942d10341f1b15611441e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
| MD5 | b0eb28c740158d3b8843d5e90c90fa65 |
| SHA1 | f919c2344e6f97e372e92cd0b2bac8bb1f4246e3 |
| SHA256 | 2ac45c1f82411834af860fead7e156fea61de197a57296b30375ba53c0423072 |
| SHA512 | 3ca8008e5f6b2190de62b23ef5f3f243600e7a99c7292d9aef8bffb1c554257188a62bb6bc84ed0ecc25fc84e81aee4905a33544599ef554dd955e0473d58ee3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
| MD5 | 93b69318ea029f869ec49d0b444e61c9 |
| SHA1 | adb5a2581e12874b4395a3a66a2fff946936b120 |
| SHA256 | e97fbe4c8ecbe9aa5a21ddf4e600dd7af74f182b1cab3822d43add458b4d66f3 |
| SHA512 | 2514329eac1b05faf3d0b5d1bba6d62a1b403afce9e059c32724eb5e80ee38cb5e64c33006e5f19da0a65fdc34e1465d93434bf4fb205716ba4edbe19b831251 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0
| MD5 | fdf6c71bd905b540ed7abc3cfb9fe73b |
| SHA1 | b91319473a11c996de51e9c301f8e8569d0f166b |
| SHA256 | 15e5ae140f674439088fe3083d15cf221b51993ee95c55fdfe1afa62f8272a7b |
| SHA512 | 2ff1bdf94877977b1d05ae8a8fe62e14ab3f101a0ebe029797dd9ae757f13813eaca882c6ece3e6b934d2e342852fb4e5ba966714b11f322572c509b03f95da5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0
| MD5 | 4ed5e11fa43eb5fedaa2bdd171289687 |
| SHA1 | 51c17ab06150b4b8cf6f70748d5b15c0760e388f |
| SHA256 | 666c1bedb6ad789b215a8d3597f9864b447ca12625ace95b033b2c79dc7354cf |
| SHA512 | 2012115ebafc49fcf4fb8df20df4a2b7a9c5cb2b18a68ad715dcc0fbf77e34d6481b3b7c25b3761116a40549ec001f588462ffa6358fc663c3fb874202a698fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c28ca9baabbadb00_0
| MD5 | a5bc8a4bf24f50ada2070309dcb5dd59 |
| SHA1 | c20e234fde0dc943397fbaffa4103d0dfe7076fe |
| SHA256 | 40a416e9049224d5cca85236ddc353df4b9c089c371e41147e67fef672712409 |
| SHA512 | ab489d5eeec71d9fb2974ff30ac4bc6bfb3a0b46f1c440b7980d6c3cd2f0b2e5331120d4e262cbe46acc90efe37c147b19d4d3e83e13a6c612b8bf7b76622033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 81f7096565c58a8bcdc3b768ebd7d7b3 |
| SHA1 | d1e86391675a2912efb551b50e61ada853108869 |
| SHA256 | 60a7fc134bc272029c20dc2904aaa145ef715b743c49ece57ba9f2688dab0ba0 |
| SHA512 | ad07f83a83d7bbc3e44e58fb5f260b517173119bb13804d1e80d1b4c8aa971ed23c97c3229aaa5a76c5b41c5b617bcfa3c21fbb334c0f0cae09aae30555c6bad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a09126988388e707d41c2f03817cb372 |
| SHA1 | ca0cdfb187785c617a1c4172a021aada3788fa35 |
| SHA256 | 6fe6b715b9db6136a986cc0c26bc50de5bee2aeae8480275a3a0060035cbbd92 |
| SHA512 | e22dfed49d62215f67ef7c581308c4e4e15a27dc20239bd1d6edc178de61347e659591f09f45b629cc3df1d177d18f9d9b160d5b68a011cd56d664658abdc431 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f2722aeee4cba2d1893e7e1b424ef9cf |
| SHA1 | f5d8ec3dbbc4fc472a0309a2b98b7f74a82ddab2 |
| SHA256 | ea2a245466f6dcc2beeb6a1bafc5abc22f9f770d8667730414539005eb61cad5 |
| SHA512 | 4a19ccd9c92f3fe9264bb98ad40ff282e1691ebfb26aba23ed0ce328cfcb8a1ffc24939d3b73a40a69735be6aa80990946abb9016336e32c1e3bb620dc33fb51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4016bbb98c8c6409_0
| MD5 | cde433a0ad69f393109c7457cfe9fc70 |
| SHA1 | 91925174529eb7e4968acecffd6742de54b67a6e |
| SHA256 | f5faf4f947051fb0e3f0b483e605444115209a721de39ad22c9d27ddf10cc072 |
| SHA512 | 8e7d1aaa76704da37b2c80d2ea9e3f4cadd559d7ad4211403740b6fc04eb7caed56308a6c07f962a4073aabac636ac1c950258d22e6fe19e37a38eb61a7ee502 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\013c30e87d4d8da4_0
| MD5 | 5c48aca761b1fe0aae6e742fe3169492 |
| SHA1 | 5b4bd251ea15726032f18bd073cb185550aa3bed |
| SHA256 | fdbee45249ecd3402f77833c3086488585d05b7023928bee1644bf578bac407f |
| SHA512 | 5f67129ea046976ebf91cda81f5a67c1b367728af1b8b9d524af6ace010c721adae59f15fd864d70dabf93dda21fb9852c3c3dede3a469e054a940b43b036ca5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31d3611f0e13cd20_0
| MD5 | 4a87b357c964dfce45b6fd911f0c33b4 |
| SHA1 | 46350398944bd70cb86e70872d0c5ad9db56e8c8 |
| SHA256 | 759ff8d2c6304b37ed7a39b36d3bccfec3fc3a06fd6a0e78736b795fa41cf2db |
| SHA512 | e9c06204b2e2a0edf48ed14ad5db91ea470927af4532d1643a0475cb04b0be35355c109bd721349e3bbbbbe203d06ef911f5e2fbcb9602349b9f0914d8b3e0a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5c5b9cbc406ca3f_0
| MD5 | 20f8eefd9b499d8283628c4d3ae4ac33 |
| SHA1 | 1aff4fe9b2552d85b4b0f56ab3b8bb6d512ea375 |
| SHA256 | 0084eca113a83a2feff77b6555a9b52a619dd11026850b63c3417e986a4467f9 |
| SHA512 | bb3a3414f83bc8406d52eb1221be0ff0b896bfce97ffbbb101e5bc4b1bb2a5c263983ca27b05bf6e9214592150439fc5a1606d7aeb76940b035b152405a08cd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de80f765640cda66_0
| MD5 | 7636f1ef52d67e4f3222e50c955cf369 |
| SHA1 | f404e4a18a01893630989c7b237b1eb02ed285c2 |
| SHA256 | b24cc8e8e3c2163b70c2e54d513c96021af5404ff1ee8ea932bfcbbfbf800e58 |
| SHA512 | 589c19e7360b4ae694e172da2ae2a249f2c96af8fbf9e35b5724014880f30bb85de72c42622d191f6cb00d6095b4be8152abba13e132c6e354ddfe47a7a06641 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a02df7c313f59d27_0
| MD5 | 5e8921ed07f8033a87a0b5292a53ca42 |
| SHA1 | 32ca2ac0df71824fe5887a00b9a824857e021781 |
| SHA256 | 4d9c2c0afd7e577d99b624e961da3c04055452b311d32c6c19e07498431331c4 |
| SHA512 | abf47a2ce49fdee7f92bc05d89b59f6cbd6fc4c13fe17069e008f2c2e6764f96674914a9be9fcae5a749792f817c9fffa8ae64dc5682597632fd2222e0d2c2a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2df3859e65f6171363edc21dd5a30edc |
| SHA1 | 2ce940e33fb2e968a3abb03b3de903929fd63ee5 |
| SHA256 | 351f637e6d8c1f6f4f03ef7da22e8bedf672e5c5b3a675e2bae00a5a56d0cd3c |
| SHA512 | b9220eb1c17071db7c8327c6815618088bed18b856a98a5345cbf03cbf3bbf44a6e0d14447593b3b36544b82975259fa6fc8794ea5c6237c40453b390bccd694 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3dea748200e86ebd6cb8dc2828bb745e |
| SHA1 | 72122aeee661e808e39e57c9e365045aad6f50b2 |
| SHA256 | d7aba137e75455f75d0335dcec9bcba548350371b4d2c60af77768efa4203198 |
| SHA512 | fbddbc76bf3dccb8c6a727ab27ad499c70854ae48d1aac4052046720083dd9cd761dfa16bcf551c5d5014342e0240ae5177947162f4f4653b8b849a2b93660f0 |
C:\Users\Admin\Downloads\9b71dc00-fd0e-4b75-ba3d-8761753b2af7.tmp
| MD5 | f2fe1f7dc11f7c2b0e9fec2330b7aaee |
| SHA1 | 8c2aa931e4bdc36d9e8885794525d3e12910580d |
| SHA256 | 074d2a88cc8e779f9ef59a545d37211208c1cf326fdab227dba61b6d8a98bda0 |
| SHA512 | 8f72c7c68a68e2cc3ef2361b2fa3b4639cad741c4614d21b1188b2a4c3df90e53826749f6435fd58b84b9378761caab6815db3451753219f58c1f0780d7b49c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f509b8e37d4eb78706461495e2304a9f |
| SHA1 | cf2af5155fbd71a28dd31cc79fcdbc2a969f0d27 |
| SHA256 | 5e3a5b24e0239bace6daba845880c8cb231f38f3a29dcd1bf74f95996b00a1e5 |
| SHA512 | 1a38eb12ccdfc011f1639b9288fa1e5f6c5e54ff56642e2997ba75827be7ffdbf1da6aa8ddb1a4798e66597271e8ed624d965bfb4d023f7589789246628feb2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | f9836fc91b0fe627c55feefd99a2d905 |
| SHA1 | 1655ae12f49917063f1694152fa028ef1fec0a95 |
| SHA256 | 5258df49d7d3e4ee1291964e7422733d3ec09980274258356a32b2e5eda89532 |
| SHA512 | 3c555195bc2a608fcf9ecb9b505e7990cbfa6024f1bfa162afdf0610b62a5bbf0708c130b32c50abd50ba8f45b9c6247135bdf0ecaa84cecea1938107c580211 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1d4f0a07ad8c3f59d66c448eab82ced4 |
| SHA1 | de1c5b8542e6a63ccb04aaa15e432dcbd115f0e5 |
| SHA256 | 542ac1c7a7cd3de10e19b15124e8a10a5d50633b429d1551c72ed8f10e7b5c85 |
| SHA512 | a28d5e97f77edd86048554d59d4b6923cf12cbc2b4cd3e3973c1194b2c0c1f3d1bd747725475ff31ce9653f1052f63ad1eed5f77e588df4e7ce536e0c817eae8 |
memory/3856-3684-0x0000000000550000-0x0000000001B7A000-memory.dmp
memory/3856-3685-0x0000000006AC0000-0x0000000007064000-memory.dmp
memory/3856-3686-0x00000000065B0000-0x0000000006642000-memory.dmp
memory/3856-3687-0x0000000006590000-0x000000000659A000-memory.dmp
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 5bd9cc671e33cf382823b0cb9f0e65b4 |
| SHA1 | ad4e276334fe232ef4f747177bc3b6ddb05e4ee4 |
| SHA256 | e7167a1576cb16f67613a9d3b5dcb28d42b3ae520ed2eb211e5be2c12e8860be |
| SHA512 | 242a98ea1c96eb1a316e291851745bbc33a27a3756eb4d59012aecd9e35659be175e7e95572624de168fdf42503b53dd2a485ec616aff0c2b6f8ea03b3ba20c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 94badc573ce7fa93ed9facb3525e6f4e |
| SHA1 | 4a54270f7736d6a0234b7e6aaf4c9e44a66af796 |
| SHA256 | 3779ec6ba2ed2765015b9eff58351e97ea75e6c26e5afe8e5098d15d0c578a49 |
| SHA512 | c53c8a13d204735240f2d6e8a38cc928072f3e871d8e8545b281b666c8250e3ce136813cabe91a2dc82a84fcb7d15a4d608b0abfe8c8781bc38dc0bbaf032949 |
C:\Users\Admin\AppData\Local\Temp\MrsMajor3.0.exe
| MD5 | 44758e777110e8f80f7a31e802716f23 |
| SHA1 | 06e6a9745572fa6e0ce7a93c1d3f564ffc95c365 |
| SHA256 | 45d64586e97e7200705db1072e92a376495d74f6c364763f3eb98dc3df6ce45f |
| SHA512 | 3a828f5a789cbe78ece5a4d21be30bce677b54e521f013df5f2bd02eede5a28f935710c04bd8e77de8ab2e172148187e10c7d667ea60f5190ad2b91e9e04624e |
memory/2952-3839-0x000001FA77350000-0x000001FA78954000-memory.dmp