Malware Analysis Report

2025-06-15 23:41

Sample ID 241028-x2r1qsvhpl
Target sample
SHA256 f296a46d5015b4dbfd8cf4e915b39b3c8a7af38dd7486efaa41f0b8c7ff13f0b
Tags
discovery wannacry defense_evasion execution impact persistence privilege_escalation ransomware spyware stealer worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f296a46d5015b4dbfd8cf4e915b39b3c8a7af38dd7486efaa41f0b8c7ff13f0b

Threat Level: Known bad

The file sample was found to be: Known bad.

Malicious Activity Summary

discovery wannacry defense_evasion execution impact persistence privilege_escalation ransomware spyware stealer worm

Wannacry

Wannacry family

Deletes shadow copies

Drops file in Drivers directory

Downloads MZ/PE file

Impair Defenses: Safe Mode Boot

Modifies file permissions

Executes dropped EXE

Unexpected DNS network traffic destination

Loads dropped DLL

Drops startup file

Reads user/profile data of web browsers

Adds Run key to start application

Maps connected drives based on registry

Enumerates connected drives

Checks installed software on the system

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Sets desktop wallpaper using registry

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

Browser Information Discovery

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Modifies registry class

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious use of SendNotifyMessage

Modifies registry key

Modifies system certificate store

Enumerates system info in registry

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-28 19:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-28 19:21

Reported

2024-10-28 19:28

Platform

win7-20240708-en

Max time kernel

361s

Max time network

362s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101b54a76e29db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436305152" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4246d8e3e624a418bec64a023311ee20000000002000000000010660000000100002000000058e8e74940b6227ff1087884bb36bed35096e32570c00191582b84951091aaf8000000000e8000000002000020000000856d7a1b99a9ecef57ae02b7713f3d8e08af260e7ccfc680121c0cf422c5e43e9000000097011e04def61922e59e4ac69abe3cd2ad5d0917f66b1c87a116237a83e25d33572e114d294096752f978bba59e96fbceea9e753641b89f3d5319d241ff62e77d265972fb8ac5a3e9cc8361ab00100d653246367612c296713456e931c9c74f7485edbceeace40eddf2ccee4f4acd4b17ec74be941f6cb8da6f30ca6d5a287d94e3f77ac3291a75451421bc9cba30652400000003313d45adae392b26e090a5469e8e63d6834314aff53095bcfa8e3fe165aac66650890bb8d8bfc6810601acdb584bb46c59f94d1e722592e4ea9cd7690f43fb9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b4246d8e3e624a418bec64a023311ee20000000002000000000010660000000100002000000063c9ee71c444be5d701e45a125f2a2a0f6766f203f1a2472e701f75923f54bcf000000000e80000000020000200000009e3fac4ab904d597f84b66b8426c27f096f740b759f927a2254fd8d8a3c87bb920000000db4360611b7d26b87f7c1cf38f218c84a60af73f886b015cb6a351a2bcdbb994400000001d29a1f1024aac54596756596ff136194fdec68292f0915a539e22611aee8918465b3895c148a45b630a15e7081c9824eaaf30a9aca60084bfb13da5abfa4201 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2D0C3B1-9561-11EF-81FA-CA26F3F7E98A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab789C.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar794B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7871b2637f8de70bda98ba9d25589db3
SHA1 ea8d5ea7218590fc3331ff7bd430d2d9e91c37b6
SHA256 b924c60ffbab58eefc8fd6405984d7d27b5474ab49a6da5527902d664eb8068e
SHA512 cc661d52843a3de712fd6c103cf1144f1132e0b30e6adec39090e4714c80602c4ac2bcfe2b2d277919b323be7928b1c5abde7559636060291372933021f47734

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb82f5570b7cf8c5cef5b8f696a94dd1
SHA1 9ee390975e1000a0d877499a4e4733dde01f7f79
SHA256 1adff4646829ce53a6de9b29621ee34979cd7255fdd19e0c27a28ef29c9b9f90
SHA512 289d90a86efaf9130df4014808784e1d24df4711aa659b7bb55fd00dcd5c15b6cae0b988c35416bce7158d6e3f1c2f5cd2cb79e9913ed4731774f23a57f4414d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7cb14de93bd4865ac2e8338f4b5c2425
SHA1 99a5d1792f2f736896491998e66448d72b885e2c
SHA256 4bfbe84dd424cfd830ff36895bc307efca04f70e2c801ef5b3281e97f84c7fe7
SHA512 5209e7b514da2ff113d1e412f2b27639433b22ced3b4cc18a06c7ed5bbf0bab3906c018bfc6a9e6d0a58adddbbd8dc16b8a1d09d7297f9f32c48e059526a879d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63f2df5538ea3d8b277ceaca8bfd8a74
SHA1 218e0a707d3d7c1da68c7d0bc2e0ce6e61856e32
SHA256 2b0478938246ccc5ee648abcd688ad047850e67bf4f04ae7fcb5af211d73f0b3
SHA512 9010c6f7f3e9eddbe719a4017550be49e050dbe54963c2b2d7baf1eb63ac595de821855472abf57a65dba56917b015d148c0322928a73ee62803a7ad159f17a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e8f3f5b20f60ece579d5145ed7440f6
SHA1 c772efc7ed1f210c89c0767b06741fd9b100a0b6
SHA256 d0ceee7df466eba323f8232ae16a6fd66328e707d211c42e2531bc8d19f98070
SHA512 d71c874860a3a286433502d3b370ce245a6a65e6aa806331e67c3cc36649c2ea504566c220e9efacfa9b8d8754e71261fb66e45154be30b38fc83d9f3631a658

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f084b11128182c3b9fd736a98273aec
SHA1 04bf67b1e2d3df3524b199b00252a8df1c846220
SHA256 3c1e62919197e812f64411c8c42cdf5797871e5a4c5269405d4eb7571a9aca10
SHA512 6b647416b5d86dbc44ad0745519d9ccdcaf6000471dfbb4878cd57330571fa79551417f27aec3c9ad28bfabcd0b87687c632ef77f9dce479455578238d4eb2a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fc107c02225b16a8bafe3bc8a5abac2
SHA1 9fc29dc7f05c40913e3a4cee8c00f623e185cbc0
SHA256 4f1100411a18ac259141a701d270c3419e103b52f8431a06dcd6501050b0e315
SHA512 cab1e1674beb08b01d26b92d8f1a23e2df6b3d0e40786cbcaba790fbfcb8dffd2ad26c85e4e7a167388ed7497336e5a8ca0935314bb6513cf654a646cbe4f50e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98847e75d9edfbf650a2e3e7b88a7b7d
SHA1 b502e72ee6b5dbd646e81c1bbe1e2668332f1843
SHA256 8058668de277e4df45434fd6af5fdafbd469614157689f6d8f000db1fa838679
SHA512 6d94d9b603476dde19b620c02db83150067df121393f2baea1a19933819f5943f768751cccc4ab7aa1b061f9a3c44890d3ad1a2e69dd5fb8131ec11d9f97fc2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6794d90d0a6c118ac4838504b13084f8
SHA1 1182e223a5919907547bfa74a9bf9e5936cb65fb
SHA256 81d1e77dcbefec77623cf054ea25520c8e3b6a9a1a317a14fc8cccc1edfb41f7
SHA512 3051216756e77d794a782a50b6431bd99424a23147c78a183ed0b3dacda5de2357b46ae9c8efdaf1338188bc525b5e90af47757c2c9c3857ea4ca3b3911c4017

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a833b5185c5238d5ec00733b98ef47cd
SHA1 c469c9b1cf23a6f949f7f8d1c49ae349f816f208
SHA256 f1e65fb6243aa6e5148d569bda78fd027dfeefa09b96e33fbeff14c4b1184564
SHA512 c8812f11ceabccbe10cf1604362869e1b6670acc18570dcea0cd66e050e27c73ec7c93c97559b43e5fa723cbf40b5987ae029b1bfdd5246767267e836f34b5eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc789527f5bb46ace4ac7b0d6cd8ce52
SHA1 8a05721d83d086e51caaae055bba70a5a3037544
SHA256 f671173ed6548dfdcf38b44f64c2c506897257a3c0987ee9384f7cd3e7fdfba0
SHA512 abff52c82f8cd23be049a940a2b3e6c4bd07d5ece3299f19ae5035444846640ae22b75d953c27ffda31f75d05e0a39334daab91d1d7484b1b9a85d4e5ef11963

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ec57c25804eeddb23da76d51a43ba09
SHA1 4b010bb39f0d4270245cd67aadbf60cc23aef4a8
SHA256 ef00195722c8e660cfb817d884fcfa379ab42bba3edccb73380e6f59abb77f8c
SHA512 dbc072bdf49c03e651f1a5bcab3d6826183eda03d0044a2c9fd582665a8a06abdfb544b3ed5812a4aa3be7288029fdbc27973b89da30af4abdcbfb75e7d16537

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56138fdf9bc59f2720efafdf4cf06205
SHA1 7a16349bad5aaa4dc148088d7c958c501b44a846
SHA256 8cde7112624448665c1257034a9d4b9b8860ea65f1db8f824b97cbdda2fc4118
SHA512 65be761308e106162b370997d54e87732f57979b31ef0b355a78c8457d5f772bdef8b4b2ba6511993182ef5d024aeb32a7c07ad47a90688d511f6b646c032553

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c4c2a09512ad4d73a87f8e9fdfc68a0
SHA1 2c8a68cf551bfa3d602b0c92a49587c20230eb6b
SHA256 15565220e057d161811d0bf442e0f04c4b5fffc9a2de3ab503a051722bdfc03f
SHA512 9ce476909db45dff2441f94a54203ca4ba064c7d62f722fc43c75e5d6fa5ef31b5e57978b214af1b996b21590fc47b781e17a458bfd0fe00c9623adc480a52b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b31c3e1c7dc7484a6bc339ea6274ec0
SHA1 4d9383201e3e8f4dca00ee9f66d6bbd873a9f2b1
SHA256 3b841cc934735b8d008078c36509ff4c8d6dd206af5760c726cafcf1a79b50b3
SHA512 278ab2ad13927b07a708c1d41f1cf06c61ac84e2a775476548fa35d6254e3b02c5653883eabf53139e4807c52d50556a0842908d6779183f0740b387d29fa914

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ba4bfdfcbfb33ad7d6bc515e2d0268b
SHA1 74217b94c4a24575ca2c511a3325fdfc658488c1
SHA256 324b4a76a40ad3aff050d8a4051f3e1f36980a8ed170840efa24659ed0ed2757
SHA512 c7d685f44a18a3590418ae479171aa98a43c19be9596ed34e9dc693e56be6469b6c33105574808b226828be4e1ec9238d121f211cb63061b56df5e4f93db7605

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f9c307fa08d34c14c3c90d048770bce
SHA1 63d14935ac9a1383d9bfcba892316b50de998056
SHA256 875b1ecb1fe75036bfa9a8b3aa701f5bc797ec6e278b512ca3c7c3103394189f
SHA512 b9022d146e8c1717fcc43192da59009fbd47be83717560f420abc800b00bd7a6e90a6e1bbc24e389561dccd525d3150eea7ba87b96b74658edc886abfd318f83

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea128e800a3c1ffbd6e19ee230a6404a
SHA1 01d85e674994ccfc43abc8db73770697403d00d7
SHA256 6352ec172d7835c8c4e876e1fb3add4198e4cc9b56a3fb5112094541334d37fb
SHA512 04e26675d69fa61c59ed5fa6f280225892d66109371e6259c9aebf04d3271906141c7dfd516cd18bfc8589078073319839dee927f2d57e633af5e656759b579a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0495e222ce2fbb64b117dd1c95be59de
SHA1 0b4f8ee697b847e3b91baf76d465806dbc99ad4e
SHA256 518499ef18b7071c6fdcf017eb4b0f146ed7cdc131d983de1727f40d57ec033f
SHA512 a1189a571d586110666d912d3828ba95cffd23d62a8aaa9dd55c77eec618a593a6a1905f9d9b272adb748d9a5b89cd4d5fad34d1986a854412418f911610a298

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-28 19:21

Reported

2024-10-28 19:28

Platform

win10v2004-20241007-en

Max time kernel

265s

Max time network

379s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\hitmanpro37.sys C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
File opened for modification C:\Windows\system32\drivers\hitmanpro37.sys C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD141B.tmp C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1422.tmp C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\hitmanpro37 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\hitmanpro37.sys C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 185.228.168.9 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\muueckti936 = "\"C:\\Users\\Admin\\Downloads\\RANSOMWARE-WANNACRY-2.0-master\\tasksche.exe\"" C:\Windows\SysWOW64\reg.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Maps connected drives based on registry

Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected] N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\HitmanPro\HitmanPro.exe C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
File created C:\Program Files\HitmanPro\hmpsched.exe C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
File created C:\Program Files\HitmanPro\HitmanPro.exe C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\HitmanPro_x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\attrib.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\@[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\reg.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected] N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\ C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Device Parameters\Storport C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key value enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\HitmanPro_x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2288 wrote to memory of 1160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 1160 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 4016 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2288 wrote to memory of 3592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,1706379914336094933,14425651447286584702,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e57cd47-76d9-4c1e-9b7c-d3250b518ed6} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9431674-b91b-4163-aba1-c5e3a8a39493} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2888 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 1576 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6971f2b7-10ea-4eaa-aa39-6a34e866c1c1} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3688 -childID 2 -isForBrowser -prefsHandle 1452 -prefMapHandle 2644 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {676031f5-51a2-4db4-a812-036046bc766f} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5036 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8864cd95-62f0-4b7e-9448-4bc989dd94b8} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 1384 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {544699eb-87f5-4165-a717-0b84494a58d1} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5400 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb5a48eb-62b0-4be3-9a2f-c01912003cc4} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 5 -isForBrowser -prefsHandle 5808 -prefMapHandle 5804 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16888095-84bb-422d-9242-2eb39765fe6d} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6048 -childID 6 -isForBrowser -prefsHandle 6060 -prefMapHandle 6056 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {277f8d2d-0973-4515-aac3-e1a659041f0d} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3716 -childID 7 -isForBrowser -prefsHandle 6200 -prefMapHandle 4312 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {806ea6a4-d1d1-40e0-a919-1ca15ca96191} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 8 -isForBrowser -prefsHandle 5668 -prefMapHandle 5504 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faf1a095-9703-44bc-a0ba-1fb5cdf34fca} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 9 -isForBrowser -prefsHandle 5500 -prefMapHandle 5588 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1966c15-9569-402d-be90-b4d4c33fd622} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7532 -childID 10 -isForBrowser -prefsHandle 7524 -prefMapHandle 7444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20a79b01-06d4-4f21-8952-685de56ceac9} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7668 -childID 11 -isForBrowser -prefsHandle 7676 -prefMapHandle 7680 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7de6df3-9e71-49c6-adfb-a3d8a806272f} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6540 -childID 12 -isForBrowser -prefsHandle 5244 -prefMapHandle 5944 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2facaa1e-316e-4cea-a560-6aa3e211d529} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8028 -childID 13 -isForBrowser -prefsHandle 8040 -prefMapHandle 8036 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dc5def6-d01c-4742-97da-5f1f23f55fcf} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11992:122:7zEvent7277

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\" -an -ai#7zMap19992:162:7zEvent5422

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\" -an -ai#7zMap11247:162:7zEvent22285

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 56751730143505.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\SysWOW64\attrib.exe

attrib +h +s F:\$RECYCLE

C:\Users\Admin\Downloads\HitmanPro_x64.exe

"C:\Users\Admin\Downloads\HitmanPro_x64.exe"

C:\Program Files\HitmanPro\hmpsched.exe

"C:\Program Files\HitmanPro\hmpsched.exe"

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected] co

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected] vs

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\taskhsvc.exe

TaskData\Tor\taskhsvc.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\@[email protected]

"C:\Users\Admin\Downloads\@[email protected]"

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "muueckti936" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\tasksche.exe\"" /f

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "muueckti936" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\tasksche.exe\"" /f

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected]

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf4,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x134,0x138,0x13c,0x110,0x140,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x40,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0xf8,0xfc,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xbc,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf4,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3712223240072407324,8982456153704531658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xd4,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x74,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.hitmanpro.com/en-us/buy-now.aspx?cmp=701j0000001noQUAAY

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdcf3146f8,0x7ffdcf314708,0x7ffdcf314718

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe

taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

taskdl.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:57840 tcp
US 8.8.8.8:53 209.181.211.34.in-addr.arpa udp
N/A 127.0.0.1:57847 tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 67.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
IT 92.122.225.216:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 r2---sn-5hne6nzy.gvt1.com udp
NL 172.217.132.167:443 r2---sn-5hne6nzy.gvt1.com tcp
US 8.8.8.8:53 r2.sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 r2.sn-5hne6nzy.gvt1.com udp
NL 172.217.132.167:443 r2.sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 216.225.122.92.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 167.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.200.17:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 17.200.250.142.in-addr.arpa udp
GB 142.250.200.17:443 csp.withgoogle.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
GB 216.58.212.202:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.206:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.206:443 consent.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.hitmanpro.com udp
GB 2.18.27.161:443 www.hitmanpro.com tcp
US 8.8.8.8:53 e131187.b.akamaiedge.net udp
US 8.8.8.8:53 e131187.b.akamaiedge.net udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 161.27.18.2.in-addr.arpa udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 pricingapi.cleverbridge.com udp
US 104.16.242.229:443 pricingapi.cleverbridge.com tcp
US 8.8.8.8:53 pricingapi.cleverbridge.com udp
US 8.8.8.8:53 pricingapi.cleverbridge.com udp
US 8.8.8.8:53 42.87.18.104.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 229.242.16.104.in-addr.arpa udp
US 8.8.8.8:53 sophos-privacy.my.onetrust.com udp
US 172.64.155.119:443 sophos-privacy.my.onetrust.com tcp
US 172.64.155.119:443 sophos-privacy.my.onetrust.com tcp
US 8.8.8.8:53 sophos-privacy.my.onetrust.com udp
US 8.8.8.8:53 sophos-privacy.my.onetrust.com udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 e131187.b.akamaiedge.net udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 download.sophos.com udp
GB 184.26.189.236:443 download.sophos.com tcp
US 8.8.8.8:53 e13687.d.akamaiedge.net udp
US 8.8.8.8:53 e13687.d.akamaiedge.net udp
US 8.8.8.8:53 236.189.26.184.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 www.mozilla.org udp
GB 13.224.77.115:443 www.mozilla.org tcp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 115.77.224.13.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
OM 192.178.24.131:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
GB 142.250.200.17:443 csp.withgoogle.com udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 131.24.178.192.in-addr.arpa udp
OM 192.178.24.131:443 id.google.com udp
GB 142.250.178.14:443 play.google.com udp
US 8.8.8.8:53 www.kaspersky.com udp
DE 185.85.15.47:443 www.kaspersky.com tcp
US 8.8.8.8:53 multisite3.geo.kaspersky.com udp
US 8.8.8.8:53 multisite3.geo.kaspersky.com udp
US 8.8.8.8:53 47.15.85.185.in-addr.arpa udp
US 8.8.8.8:53 sgtm.kaspersky.de udp
US 8.8.8.8:53 content.kaspersky-labs.com udp
US 216.239.38.21:443 sgtm.kaspersky.de tcp
US 8.8.8.8:53 sgtm.kaspersky.de udp
US 8.8.8.8:53 media.kaspersky.com udp
RU 77.74.178.40:443 content.kaspersky-labs.com tcp
RU 77.74.178.40:443 content.kaspersky-labs.com tcp
RU 77.74.178.40:443 content.kaspersky-labs.com tcp
RU 77.74.178.40:443 content.kaspersky-labs.com tcp
RU 77.74.178.40:443 content.kaspersky-labs.com tcp
US 8.8.8.8:53 multisite2.geo.kaspersky.com udp
US 8.8.8.8:53 sgtm.kaspersky.de udp
DE 185.85.15.31:443 media.kaspersky.com tcp
US 8.8.8.8:53 multisite-support.geo.kaspersky.com udp
US 8.8.8.8:53 multisite2.geo.kaspersky.com udp
US 8.8.8.8:53 multisite-support.geo.kaspersky.com udp
DE 185.85.15.31:443 multisite-support.geo.kaspersky.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.50.97.18:443 dpm.demdex.net tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 21.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 40.178.74.77.in-addr.arpa udp
US 8.8.8.8:53 31.15.85.185.in-addr.arpa udp
US 8.8.8.8:53 18.97.50.52.in-addr.arpa udp
US 8.8.8.8:53 api-router.kaspersky-labs.com udp
RU 77.74.178.40:443 api-router.kaspersky-labs.com tcp
RU 77.74.178.40:443 api-router.kaspersky-labs.com tcp
RU 77.74.178.40:443 api-router.kaspersky-labs.com tcp
US 8.8.8.8:53 kaspersky.demdex.net udp
US 8.8.8.8:53 cm.everesttech.net udp
US 8.8.8.8:53 otr.kaspersky.com udp
IE 66.235.152.221:443 otr.kaspersky.com tcp
US 8.8.8.8:53 kaspersky.com.data.adobedc.net udp
IE 63.32.87.126:443 kaspersky.demdex.net tcp
US 8.8.8.8:53 cm.everesttech.net.akadns.net udp
US 8.8.8.8:53 kaspersky.com.data.adobedc.net udp
US 8.8.8.8:53 cm.everesttech.net.akadns.net udp
IE 54.154.185.216:443 cm.everesttech.net.akadns.net tcp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 216.185.154.54.in-addr.arpa udp
US 8.8.8.8:53 126.87.32.63.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
RU 87.250.250.119:443 mc.yandex.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 cdn.gbqofs.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 track.omguk.com udp
US 8.8.8.8:53 resources.xg4ken.com udp
US 104.18.18.104:443 cdn.gbqofs.com tcp
US 8.8.8.8:53 cdn.gbqofs.com udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
IE 52.48.117.91:443 track.omguk.com tcp
US 8.8.8.8:53 track.omguk.com udp
US 8.8.8.8:53 www.dwin1.com udp
US 8.8.8.8:53 js.go2sdk.com udp
US 8.8.8.8:53 alb-ireland-ext-ingress-group-474278744.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 cdn.gbqofs.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 kasperskycom.push4site.com udp
US 8.8.8.8:53 s.retargeted.co udp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 track.omguk.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 d2pbcviywxotf2.cloudfront.net udp
US 8.8.8.8:53 alb-ireland-ext-ingress-group-474278744.eu-west-1.elb.amazonaws.com udp
NL 18.239.83.66:443 js.go2sdk.com tcp
US 8.8.8.8:53 js.go2sdk.com udp
US 172.67.206.65:443 s.retargeted.co tcp
US 8.8.8.8:53 s.retargeted.co udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 d2pbcviywxotf2.cloudfront.net udp
US 104.26.4.117:443 kasperskycom.push4site.com tcp
US 8.8.8.8:53 kasperskycom.push4site.com udp
US 8.8.8.8:53 js.go2sdk.com udp
US 8.8.8.8:53 s.retargeted.co udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 kasperskycom.push4site.com udp
US 8.8.8.8:53 sgtm.kaspersky.com udp
US 216.239.32.21:443 sgtm.kaspersky.com tcp
US 8.8.8.8:53 sgtm.kaspersky.com udp
US 172.67.206.65:443 s.retargeted.co udp
US 8.8.8.8:53 12346775.fls.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 172.217.16.230:443 12346775.fls.doubleclick.net tcp
GB 172.217.16.230:443 12346775.fls.doubleclick.net tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 push4site.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 104.26.5.117:443 push4site.com tcp
US 8.8.8.8:53 push4site.com udp
US 8.8.8.8:53 c1001.report.gbss.io udp
GB 142.250.200.3:443 www.google.co.uk tcp
IE 52.16.94.111:443 c1001.report.gbss.io tcp
US 8.8.8.8:53 push4site.com udp
US 8.8.8.8:53 mt-eu-1-report-1424566446.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 mt-eu-1-report-1424566446.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 2.18.190.136:443 a1916.dscg2.akamai.net tcp
US 151.101.65.140:443 dualstack.reddit.map.fastly.net tcp
US 150.171.28.10:443 ax-0001.ax-msedge.net tcp
IE 54.73.203.83:443 alb-ireland-ext-ingress-group-474278744.eu-west-1.elb.amazonaws.com tcp
NL 18.238.243.92:443 d2pbcviywxotf2.cloudfront.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
BE 74.125.133.157:443 stats.g.doubleclick.net tcp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 104.18.18.104.in-addr.arpa udp
US 8.8.8.8:53 91.117.48.52.in-addr.arpa udp
US 8.8.8.8:53 65.206.67.172.in-addr.arpa udp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 66.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 117.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 21.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 117.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 111.94.16.52.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 pixel-config.reddit.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 151.101.65.140:443 alb.reddit.com tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 151.101.1.140:443 reddit.map.fastly.net tcp
BE 74.125.133.157:443 stats.g.doubleclick.net udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 151.101.193.140:443 reddit.map.fastly.net tcp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 13.107.246.64:443 s-part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
IE 13.74.129.1:443 c-msn-com-nsatc.trafficmanager.net tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 b.clarity.ms udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 136.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 140.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 92.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 157.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 83.203.73.54.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 140.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 168.129.153.4.in-addr.arpa udp
US 8.8.8.8:53 archive.org udp
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:80 archive.org tcp
US 207.241.224.2:80 archive.org tcp
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:80 archive.org tcp
US 8.8.8.8:53 2.224.241.207.in-addr.arpa udp
US 8.8.8.8:53 analytics.archive.org udp
US 207.241.225.195:443 analytics.archive.org tcp
US 8.8.8.8:53 analytics2.us.archive.org udp
US 8.8.8.8:53 analytics2.us.archive.org udp
US 207.241.224.2:80 archive.org tcp
US 8.8.8.8:53 195.225.241.207.in-addr.arpa udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.22:443 glb-db52c2cf8be544.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 scan.hitmanpro.com udp
US 8.8.8.8:53 files.surfright.nl udp
NL 185.105.204.28:443 files.surfright.nl tcp
NL 52.174.35.5:80 scan.hitmanpro.com tcp
US 8.8.8.8:53 28.204.105.185.in-addr.arpa udp
US 8.8.8.8:53 5.35.174.52.in-addr.arpa udp
US 8.8.8.8:53 remnants.hitmanpro.com udp
NL 23.97.160.56:443 remnants.hitmanpro.com tcp
US 185.228.168.9:53 8.8.8.8.zen.spamhaus.org udp
US 8.8.8.8:53 9.168.228.185.in-addr.arpa udp
FR 163.172.139.104:443 tcp
NL 194.109.206.212:443 tcp
CZ 37.157.195.87:443 tcp
US 8.8.8.8:53 hash.hitmanpro.com udp
NL 23.97.160.56:443 hash.hitmanpro.com tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:60827 tcp
FR 5.35.251.247:9001 tcp
US 199.254.238.52:443 tcp
CZ 31.31.78.49:443 tcp
NL 52.174.35.5:443 scan.hitmanpro.com tcp
US 8.8.8.8:53 49.78.31.31.in-addr.arpa udp
US 128.31.0.39:9101 tcp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp
SE 109.105.109.162:60784 tcp
DE 46.20.35.116:443 tcp
US 8.8.8.8:53 162.109.105.109.in-addr.arpa udp
US 8.8.8.8:53 116.35.20.46.in-addr.arpa udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 www.hitmanpro.com udp
GB 2.18.27.157:443 www.hitmanpro.com tcp
GB 2.18.27.157:443 www.hitmanpro.com tcp
US 8.8.8.8:53 157.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.16.243.229:443 pricingapi.cleverbridge.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 229.243.16.104.in-addr.arpa udp
GB 2.18.27.157:443 www.hitmanpro.com tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_2288_INYTFZGOBKQFPDIB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f4e9c0b33d58a45e9f194d0857139fff
SHA1 2e90fdad912c618896376a65748003c4d495b32a
SHA256 65bf21afa547d8f55187f38478366f6705e27c44f181f05dc43bc49f4392072a
SHA512 f6bdeb61404983640628e1ecc48f4132d3fe356055a1af6df825582e129a09a7b9953cad20ed571e1a07c900d32d11873cb0e62bde42972cebbb39e1aab7ff81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 08b349649c65dd4158b7a64659048104
SHA1 d0b090bafff3278bdddc7da05c1831110b3c01c9
SHA256 a6851f963edc304608e81421e7873146e756ee814838ddc32104a1caf9360f5b
SHA512 ae556266cd52830f714d28540b0c017ac56ab27367ba08e1e8d2d474eaa570ffa16e90dc7facce3cdbc20598744f97ba8da220d263475db83533a670f4acf416

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5cc11a65be65e0be352347bebd9f8170
SHA1 4d006076033e325516b2407f1f416c594109a998
SHA256 3dd5b6741cd6c904a2b21d91a3682c6c47a938edaf80ec23348c2e9ed78aa257
SHA512 e23c418fa8d4eb27ffad2dc10bfa77b115e4b890d7b104cad393fad11628cc6305cfa38d2a9edebb9951bfd0e00f6157fff8275a6608852ad293d1c9bef28271

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a0218a82ad5cce8d9919b7d1822394f
SHA1 f1c0cdb9a362d7a18516ba91e32082159dfdf909
SHA256 1a0c4389f5b3512b34fa29f68f07f7f5eb55a686d2a620c5cbbacbe984bb5ba9
SHA512 474e8978c9af497ee8d620f8ae98a2ddf345a9e96e3323db64f587f3b8af4b169f58d39e1eb9ba93d549318f71df5ff880b12405405b9b9058e27ddbd689f33b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a64f64e6cdc21691e6d05a1c6ac2603
SHA1 91fce7b4c4e427b73515adb5184bc4c2855a5667
SHA256 146dce90725b669210a33f9af222c2e784e997fbf603e9794205ab7f58da9abb
SHA512 149feac924b73224f500cc348f4b57907dabfde6f8218cad83df325c8ba786d55f92a346184058ca240781e1b4ecffa3f665c6053ed202c901b21b0c3b6893bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\f62368e9-0589-468d-938c-f5f84981dd3a

MD5 facc5cb14ed1331eb855d1a51754a5be
SHA1 f8cb09967ac53c209770202ca8830f9151a7236a
SHA256 8510f53ce64aacb81d187657b8679c5eaf1967f4f079212be20fce135bcb6d0c
SHA512 07363d0034deb0ef90ba82e315b06c8c22fef14f15ff5b9c6d4c7641bb691e34ba25a99ccea9411c412519fddcba42750cf588d69578ae4e7b8ffade8a553103

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\edb12a0c-9e95-48fc-a136-c491bf165d0e

MD5 e201dda278617c31684d290f0940e54b
SHA1 65a34e37cd78029e1130f6d767280ca20cab8b8c
SHA256 02e31aae849ab4995c1fe185012fba3fb66d8db99c46161ad38965758a5fff79
SHA512 28b3ca75bb3a6f338c67591fe2819b6222420b4a730af787e47d690d2938979ae915230641c22ec7614c6c5e7b0ce77cbfd9db3bdd54da4d1117c38e4b446615

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\3969ea6e-b843-4665-a52c-ed9844a7307c

MD5 562876f222976bf0369136eb242e4995
SHA1 24eb2233364620b8bf5939dc4a522026551f8ae4
SHA256 adf4afd3d71684330ccc78a27fd75248b4053ce7769af24af647ab6fbe4d28bc
SHA512 44d65c67a696f902aa4a63b66ac386b95fc61195d213598d6787544528fb68c48c100eee3be18498e5abaa3ea6a958b27e105fd0edeffe6bd4bef6b9704f279a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

MD5 863932e924535e03f94fae5f04da47b2
SHA1 89886fe9873415d102e5a1d1d2676986082d9dea
SHA256 1f1e65797a6797f464692bf6417d6fe2c463e8afb016048edf9d24e897ba86c9
SHA512 7bef590aeb6b29b4f89ee8429c83d29c80f144768d8ca23c3f625695c37c2de57333c0d933a24c67589930414bd96d2dc8f489574e2b34f6f048c526aaf844d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

MD5 2360eb8824fe91b2a0251339e696b45f
SHA1 5f551853804afaab3c644a8ee344edf4316f4d64
SHA256 4db349c605e2596c96d33fce81c7ad898b3cce0f8c46f304fdfb0928d8a53475
SHA512 87d926dc73ce6ca48b5436028ba65a850194ee45fa0b146da7edc350b8ff55ca210da106bb8eb3bc66238bfebd4b24de81d467d5e6d5cc36da4ad5dbea355f8a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json

MD5 307f7072d730070ac4832d0003e47473
SHA1 d793dd3e3f8e45945555d8f7901a482d347cd26f
SHA256 e4b44247bb70653a84074c4d89dbab767370152948d607b4a6aece6712b26bd1
SHA512 900574003cada0c19c4f9ec46cde30a5417292a8cfe6f30e2a6e47e9734e43d1aba3ed5407aeb927edfc06feaf68753533150a8c1716d99bce34efc9214779c2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

MD5 f5e5b4fe9a404e638473c9fb9012d255
SHA1 8c0c616683b1904c70ef122e49cd800fd0c9aea1
SHA256 c6707ec0ce277ed08fbc42a46a853251113c75a3561d2dd5a3daa01fbbc9b86b
SHA512 b0156e880b23d7541fdbb4b9af3c2d2ea0162e9fa2e8c99353b95a2a7f849fd89d73b816c272c7f71f7097a96086775ab3a12e618a479b733d0028de453c1ab5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

MD5 b6b97ed934b577b2002f3b6537387565
SHA1 f8213c842d41cf5aeb79ebc794d3b482b404c8a2
SHA256 0fe55a1cc703bb822b315623c56d7c3d4ffe1000ab65acbb62354fa28435baaa
SHA512 c6c9de974328654d7d11c7f750b04cb828005ab3cd47cdbec5110725232108804de268588240cad8026c1e574c85ad8cdfb0de45d67feacce09e4726a569d56f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

MD5 48fea7f1ac9a4f9a9dbb4225a1e9758e
SHA1 b2d040cb67476e8cb55dd25c07bbc1a20dcd8ecd
SHA256 5d0fca1bf5d4154f94591ca1dc22cd9f255bdc150b8151bc4521b7f755dcb22f
SHA512 811463fb931402d0c9c8ef4a87add8c47298036a45d498d6800a7b57a8276d26c7f0aac56c537baf962ec06e3b351d6a45bf34ae42a8d9be7c0e58e29fdb1bbc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

MD5 945ffa7934330e343118ec2247346bf7
SHA1 a6defc98d1889d89da4abeaa2ed4017158634700
SHA256 ca00c97cd9279f1195b506be2c1cadd4b7935b91ea260aecd4e5685a6b659be0
SHA512 2f058ebb169c688274ce98fa8ff303d53e675cf335215a7af995388a38a49c0dc64c59d694011377de9be3c4c5940bedc20d1288ab3c132cdc175b3d4d9a9585

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

MD5 87956f2f3c698e9cec88140fb4e995d8
SHA1 5fe3df53ca24b08375851ee8feb6246e91567cce
SHA256 2a7c6e14c4ab1c528270d85ae27c6ab62bbd098b80dd4ee370ba393b52bd729f
SHA512 6a4ef87014f2c75026d9c5ee431df6129e9a36cd6a60518d35ef835dd79d0a997a71aa4e4628570fa9425403b315eb8f7f5fb84f69c7a782d52432acc1a75cc0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

MD5 8ad2cb17fec4b5574b3ea891e1f6b241
SHA1 5744375b85024fd74d760e4a6a87ddc3965175fb
SHA256 6160b7e3f62e17beb2ef99db34e7f1b75c11042450336365007a7c0bd1f53a39
SHA512 a2c0be4c6bd4c0db731d971a8364fe358b63eec62a495e3c37b0ab08b54fcec472dc859c38524311ce9a2d3ad9dbd4cb7525d37278bd99e85bd335c48f77ed2b

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 d6027b3758678dafadc4f375e0a16bd5
SHA1 80a17f7b3528fceda980b56345b69749c59c61ec
SHA256 c841481d84daf0475f68bd63adb97b3e3441581a0ae2c931e682b861872c294d
SHA512 36ac504a6c2b178a355c524aab46ff8d6eb434d39188af9b7b1ab813fac24005735ddb682c86a9b4813ea830a02ccb6955b8f80631a9a55faab1dd210012d7f2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 7d87df84c14debc99a13f4b1a0b166aa
SHA1 646edc8180de3dc7c187445996af51aba686504e
SHA256 667461ca96ae3a44df4679f74257aaff7ae39ca36a1ca0a274157e8234dcd3ce
SHA512 162b0f2f63d4385bb3c7499726a15f44ef3a72ccf9e05fc0c262dcb96304a6a064650706168e295e7fa36401fc848f1c0c31965e398975ed6e8aaf0aadfc41da

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 ec661deb9028295d3b218bbad6532ad3
SHA1 4da95db0ff86b06c67068d36a7ac928f363af3be
SHA256 975868b152c8411fc663ab3deee8b4bdbc10d80a6043ea0df14695850fe58e6a
SHA512 b4dce0ca348171003c8bdfa5bd6b53b59dc54278a077c391ac5aaac5f62d73c3e1c3c87f46ab11c9c2b35577a4450d406853a4491f9177a585f3cdd625b21c3e

C:\Users\Admin\Downloads\HitmanPro_x64.jn7ZNigE.exe.part

MD5 10dc710dd495e9078ce79b26e18591e0
SHA1 aef434d6b77158dd2accd746bbc727bbc3367adc
SHA256 be5389a28e952d7ab2d9447c1bdb8eb7d11b24cb02e4b18da367715c2acfdd15
SHA512 959c5cb47b9d1c21ddfe2eaac14e0c99c758aab85036705c072525e70255957abc97412ab0ceadd2adbebc1b176699614f71bf50689cf9ff97891e6216a15dc5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 971d4ee7ef6d3820d879d1b88e67de37
SHA1 00646996af9fe523387f3c52ebf9f7d6967c97d7
SHA256 63703bf9c50538983a7fe508f1155132fe5db276c525ed42521342be5960ee62
SHA512 0595a0f17787b874c3b89ede62a63ad81d01a8fa4b69a6854b90ccb8ae751866cbe7a866dcba4124fda6271e30ba530f43a483eab8aa3bbdfaf230f9889a0c45

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 33ddb81a5fe76c3a062609dee2539844
SHA1 e52e9f74b63aef093630e3b93dc93de6ff551225
SHA256 c6b379b0fd78f4d61d54fb14d0bd12e4e922b14f8d60e881dbfcc9d47a99d58d
SHA512 04a85b17ab5159511ccbcb83a4b56222eec4daff618d39ccac644c8ed503e15f0eff5595f90be88197ce0b3b5d4d56296c1619bc24e4592ad63e8ef52a7fea8f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 5bfa8cb4bf2bb1bc2aa0c84780f1de08
SHA1 76d68cbceabe9bbfe7ea6477498742cbe3ffbf11
SHA256 4ac976fef1ed12735f7d61493dc60e7d9398fb488b2c0b6c5c5b88890ea8a9f2
SHA512 42ea492e0b014cbd44ad149872f20297da13e44e87b4de8f040c6f15c4cb05e4e54fa2c85cbcc74bc128281ab08a6fbdf341dee9342c5dcdb9c9c078e1e4ce2f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cache2\entries\F9E32F5D7583CD0BBB518FB0C8FDC554F0E81102

MD5 ff2231f07347b1bf421853f6254cade6
SHA1 240de46ddae6d48dc854b3e16b224f4fa2a34679
SHA256 fb8f9241fed2c64ebb00af90b582ca340d1ed90214cec1dd67316af32062fbf7
SHA512 58993b936bdc5a54131bf638820caa76e7f3fecd9fd3dfe7b59f351da0cb6a827ff1f933a1814813ece27f64df233ee5fa0ea46235d94d2534a8d1fae4631ba7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 2aadfaf209116d768b765b3c5376fd38
SHA1 9ca4ed0161add4803e121e174dd4bec93419dd9e
SHA256 cac21698acd82e65b190e54808f754400121ec8c338eb429de161f5cb5f55d8c
SHA512 424f161269a864e5d67d30d661db368941eb4380afc3ad76dffe02b6e8d4e393159156a1613dd6f4f5d289b57474c2101e91e6cd8a335b7ef1baecf8c3a1000f

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.8X89O7Yl.0-master.zip.part

MD5 017f199a7a5f1e090e10bbd3e9c885ca
SHA1 4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05
SHA256 761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f
SHA512 76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 2ff21ea44b0b208890b7251faeecf360
SHA1 d2eac845c0dbe141ce7a35798b52d6cae935c352
SHA256 88609cfc048163db71dab9ce76397890f95e056512523c0efa69f2b4a8be7f3b
SHA512 dcae40c57018670e58846eec04253863638cb0fdac1db00f5c736d97ca5adec475060bf10afb520cc1c9c2f3d9b6743e06c248bd2d6cb3e7eac67bd0f15cdbea

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry.zip

MD5 efe76bf09daba2c594d2bc173d9b5cf0
SHA1 ba5de52939cb809eae10fdbb7fac47095a9599a7
SHA256 707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a
SHA512 4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

MD5 71535ca648066cd469f03b2badb30739
SHA1 6db2694170ec9f1aea6b036e087ac57a646888c8
SHA256 3bee1900274ff9fa157f754745f29a492132f49607b4d0317cda658319ac423b
SHA512 8737b921ff59fab88ee1918bffdb4708423457e94327d434144db64f032fedb441cf06a551cb566e4591dbe9e41982dd5d786756f409e58bb248e0865f01a978

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_finnish.wnry

MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\c.wnry

MD5 8124a611153cd3aceb85a7ac58eaa25d
SHA1 c1d5cd8774261d810dca9b6a8e478d01cd4995d6
SHA256 0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e
SHA512 b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\LICENSE

MD5 84dcc94da3adb52b53ae4fa38fe49e5d
SHA1 12d81f50767d4e09aa7877da077ad9d1b915d75b
SHA256 589ed823e9a84c56feb95ac58e7cf384626b9cbf4fda2a907bc36e103de1bad2
SHA512 552aec8d120c9d931769f6a6b794716fce978d0055715de21746dc0f064f4a0f72b6be42d4828b98a56715b23fa427c1f66fd20aca0ef1751cc384c420db1605

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\u.wnry

MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskse.exe

MD5 8495400f199ac77853c53b5a3f278f3e
SHA1 be5d6279874da315e3080b06083757aad9b32c23
SHA256 2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d
SHA512 0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\taskdl.exe

MD5 4fef5e34143e646dbf9907c4374276f5
SHA1 47a9ad4125b6bd7c55e4e7da251e23f089407b8f
SHA256 4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79
SHA512 4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\t.wnry

MD5 5dcaac857e695a65f5c3ef1441a73a8f
SHA1 7b10aaeee05e7a1efb43d9f837e9356ad55c07dd
SHA256 97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6
SHA512 06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\s.wnry

MD5 ad4c9de7c8c40813f200ba1c2fa33083
SHA1 d1af27518d455d432b62d73c6a1497d032f6120e
SHA256 e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b
SHA512 115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\README.md

MD5 39148bc21924851d9082b687dc69e2dc
SHA1 5d1e5490476227aa8877b87aad184031e19dc33a
SHA256 76a94c98df32a1d37cc7f1e2b86bdc524eda3fedcdb35e57de0dd56bd976142f
SHA512 2415bb9de017c086abf8315e4288a04d5eb6048af2637e75843778f24de6834154b68365794b6cbc09ef5da0fe96d5bfce20227bf3656d23b7f148fb60988041

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\r.wnry

MD5 3e0020fc529b1c2a061016dd2469ba96
SHA1 c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade
SHA256 402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c
SHA512 5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_vietnamese.wnry

MD5 8419be28a0dcec3f55823620922b00fa
SHA1 2e4791f9cdfca8abf345d606f313d22b36c46b92
SHA256 1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8
SHA512 8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_turkish.wnry

MD5 531ba6b1a5460fc9446946f91cc8c94b
SHA1 cc56978681bd546fd82d87926b5d9905c92a5803
SHA256 6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415
SHA512 ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_swedish.wnry

MD5 c7a19984eb9f37198652eaf2fd1ee25c
SHA1 06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae
SHA256 146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4
SHA512 43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_spanish.wnry

MD5 8d61648d34cba8ae9d1e2a219019add1
SHA1 2091e42fc17a0cc2f235650f7aad87abf8ba22c2
SHA256 72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1
SHA512 68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_slovak.wnry

MD5 c911aba4ab1da6c28cf86338ab2ab6cc
SHA1 fee0fd58b8efe76077620d8abc7500dbfef7c5b0
SHA256 e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729
SHA512 3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_russian.wnry

MD5 452615db2336d60af7e2057481e4cab5
SHA1 442e31f6556b3d7de6eb85fbac3d2957b7f5eac6
SHA256 02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078
SHA512 7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_romanian.wnry

MD5 313e0ececd24f4fa1504118a11bc7986
SHA1 e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d
SHA256 70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1
SHA512 c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_portuguese.wnry

MD5 fa948f7d8dfb21ceddd6794f2d56b44f
SHA1 ca915fbe020caa88dd776d89632d7866f660fc7a
SHA256 bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66
SHA512 0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_polish.wnry

MD5 e79d7f2833a9c2e2553c7fe04a1b63f4
SHA1 3d9f56d2381b8fe16042aa7c4feb1b33f2baebff
SHA256 519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e
SHA512 e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_norwegian.wnry

MD5 ff70cc7c00951084175d12128ce02399
SHA1 75ad3b1ad4fb14813882d88e952208c648f1fd18
SHA256 cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a
SHA512 f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_latvian.wnry

MD5 c33afb4ecc04ee1bcc6975bea49abe40
SHA1 fbea4f170507cde02b839527ef50b7ec74b4821f
SHA256 a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536
SHA512 0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_korean.wnry

MD5 6735cb43fe44832b061eeb3f5956b099
SHA1 d636daf64d524f81367ea92fdafa3726c909bee1
SHA256 552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0
SHA512 60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_japanese.wnry

MD5 b77e1221f7ecd0b5d696cb66cda1609e
SHA1 51eb7a254a33d05edf188ded653005dc82de8a46
SHA256 7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e
SHA512 f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_italian.wnry

MD5 30a200f78498990095b36f574b6e8690
SHA1 c4b1b3c087bd12b063e98bca464cd05f3f7b7882
SHA256 49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07
SHA512 c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_indonesian.wnry

MD5 3788f91c694dfc48e12417ce93356b0f
SHA1 eb3b87f7f654b604daf3484da9e02ca6c4ea98b7
SHA256 23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4
SHA512 b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_greek.wnry

MD5 fb4e8718fea95bb7479727fde80cb424
SHA1 1088c7653cba385fe994e9ae34a6595898f20aeb
SHA256 e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9
SHA512 24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_german.wnry

MD5 3d59bbb5553fe03a89f817819540f469
SHA1 26781d4b06ff704800b463d0f1fca3afd923a9fe
SHA256 2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61
SHA512 95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_french.wnry

MD5 4e57113a6bf6b88fdd32782a4a381274
SHA1 0fccbc91f0f94453d91670c6794f71348711061d
SHA256 9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc
SHA512 4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_filipino.wnry

MD5 08b9e69b57e4c9b966664f8e1c27ab09
SHA1 2da1025bbbfb3cd308070765fc0893a48e5a85fa
SHA256 d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324
SHA512 966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

memory/5780-1409-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_english.wnry

MD5 fe68c2dc0d2419b38f44d83f2fcf232e
SHA1 6c6e49949957215aa2f3dfb72207d249adf36283
SHA256 26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5
SHA512 941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_dutch.wnry

MD5 7a8d499407c6a647c03c4471a67eaad7
SHA1 d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b
SHA256 2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c
SHA512 608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_danish.wnry

MD5 2c5a3b81d5c4715b7bea01033367fcb5
SHA1 b548b45da8463e17199daafd34c23591f94e82cd
SHA256 a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6
SHA512 490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_czech.wnry

MD5 537efeecdfa94cc421e58fd82a58ba9e
SHA1 3609456e16bc16ba447979f3aa69221290ec17d0
SHA256 5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150
SHA512 e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_croatian.wnry

MD5 17194003fa70ce477326ce2f6deeb270
SHA1 e325988f68d327743926ea317abb9882f347fa73
SHA256 3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171
SHA512 dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_chinese (traditional).wnry

MD5 2efc3690d67cd073a9406a25005f7cea
SHA1 52c07f98870eabace6ec370b7eb562751e8067e9
SHA256 5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a
SHA512 0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_chinese (simplified).wnry

MD5 0252d45ca21c8e43c9742285c48e91ad
SHA1 5c14551d2736eef3a1c1970cc492206e531703c1
SHA256 845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a
SHA512 1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\msg\m_bulgarian.wnry

MD5 95673b0f968c0f55b32204361940d184
SHA1 81e427d15a1a826b93e91c3d2fa65221c8ca9cff
SHA256 40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd
SHA512 7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\b.wnry

MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\56751730143505.bat

MD5 f3ac61b3337aa1b2c5dcd3b4f75219cb
SHA1 938f6a8458b42af22c8efecb3bd241646fe1b676
SHA256 93f8b4fea94db8d6650baf60385652ca8a7e565cc3dc9ee82973d7c6e36bdf99
SHA512 9b62a173f41ae2ca0c4fbd7f16bb75b1b7fbf75627bce0d7516be0de5e7ea7d3f77d66fdf7ad618a9752bafb8f4bdabcb3b17ba771514340f9cdbde2e2a7ab99

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\m.vbs

MD5 936382dce12c3227c7398be077a18923
SHA1 b6da0131916c43c57c31ac59c0eefa9f8efe764a
SHA256 0a717704d7b8e857bc1f2e3ad913b345bc48a7c31ee5a54b335ea12f06c32ffa
SHA512 46f6f16a8f6937f241299df16107034b415bf6d17c13a3f2038967d884930b3c1f95262278cbbfb020d069a7dbac200c1bad650053d6cf0301ca1db36a9cbed4

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

MD5 7a2726bb6e6a79fb1d092b7f2b688af0
SHA1 b3effadce8b76aee8cd6ce2eccbb8701797468a2
SHA256 840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5
SHA512 4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\@[email protected]

MD5 233495b74abe744dd84ae6ad0b94cede
SHA1 f453d842cabd678f5576f0657d636962d7e31a53
SHA256 37c5c1b746e516591d5f46f8f30544392a1c7966bddacf67dfdfa2b2ad921a68
SHA512 e809d3f3f2953158f21c4a8ce236d6c9c1a0795a8aef3037e5e0978725da3399a7535ee12daeb71363da502fba99e0f0328d1b158fe642b02896009afff87d33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 c2fa4defaa1c9d9c22e1f4a23be6ffde
SHA1 c56139572a0316cad9aba8acd03b3101c34a6e9d
SHA256 1b78369bc09ee52747fba09603ff106f507e1f219b20c9877b58073979f953d6
SHA512 b6bd560f26d9cf9f98a9226e9d96ccdd6e3694c762e9ecc915e1972a7a0cad1cf0e783b0fbf357e8878ad8e40b6202155d63ef31c731a5167583cdfb256a60e4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\cert9.db

MD5 70eecf2b101e7d042273a0b5b78ea92b
SHA1 ce6c8e49590980839eabbc388a4fbfa4d5e72bca
SHA256 0ca8ad305c940936a6365e921a3ee27692265f90cb6c295c692649b61514e746
SHA512 b4fac60703c4935ee98a2ddd5e1fad4214d548f25f95fadc797cdd2b9413c9578802b8cf4f5aa1f66fe368e7c8f7cfed2a69c1a2d5f73d056974da60334d521a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

MD5 be98034c0c86611b274a317b75be1603
SHA1 ecb2bfbe22529a61e289eb595fcf358685980ffb
SHA256 3c6bfe012c1a02155a83c8f577841ea5e665bf252ac0e3e5b356b090a6090e52
SHA512 293870840f8c4046f3239606e6f9ef210c3e03ea71c7a5544e9900c57aa5d363fca7b9b726354f566ae44c9105d763015e9cefd5cbd317ead96cac6bc8e1f7c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

MD5 fe10f28457ebc2271b8d3859083ba37c
SHA1 6e3dd7a3aafef6a82952fd87564bb03f3e2fa1d6
SHA256 dfcb5891b38121688508b7a4f1cc320a75fd9619aee8ad67cf70f5900a081db2
SHA512 7549dca489a243d8d7e6c63049de07d59e9b8beda1cce70ab105c70056dc749300a6529c23e25a098fdbbd45c1507b24742b5782644a37d0d2d01bc8776fbe9b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Windows\System32\drivers\hitmanpro37.sys

MD5 55b9678f6281ff7cb41b8994dabf9e67
SHA1 95a6a9742b4279a5a81bef3f6e994e22493bbf9f
SHA256 eb5d9df12ae2770d0e5558e8264cbb1867c618217d10b5115690ab4dcfe893c6
SHA512 d2270c13dc8212b568361f9d7d10210970b313d8cd2b944f63a626f6e7f2feb19671d3fcdbdf35e593652427521c7c18050c1181dc4c114da96db2675814ab40

memory/964-2937-0x0000022177DE0000-0x0000022177EF5000-memory.dmp

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\TaskData\Tor\tor.exe

MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

memory/4956-2981-0x0000000073A50000-0x0000000073AD2000-memory.dmp

memory/4956-2982-0x00000000736D0000-0x00000000738EC000-memory.dmp

memory/4956-2984-0x0000000073970000-0x0000000073992000-memory.dmp

memory/4956-2985-0x0000000000D00000-0x0000000000FFE000-memory.dmp

memory/4956-2983-0x00000000739C0000-0x0000000073A42000-memory.dmp

memory/4956-3001-0x00000000738F0000-0x0000000073967000-memory.dmp

memory/4956-2995-0x0000000000D00000-0x0000000000FFE000-memory.dmp

memory/4956-3000-0x00000000736D0000-0x00000000738EC000-memory.dmp

memory/4956-2999-0x0000000073970000-0x0000000073992000-memory.dmp

memory/4956-2998-0x00000000739A0000-0x00000000739BC000-memory.dmp

memory/4956-2997-0x00000000739C0000-0x0000000073A42000-memory.dmp

memory/4956-2996-0x0000000073A50000-0x0000000073AD2000-memory.dmp

memory/4956-3006-0x0000000000D00000-0x0000000000FFE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

MD5 589243ebf2bbf89cd7c3965afd57b16f
SHA1 fec07974502b0c6a68e6ea9896d9ad040c624967
SHA256 d3ca0bee037abe4b0dd31efd1d344805d3f33baf27431c60605f6e9f8cfd311e
SHA512 c59cd6faecf62ea36e9ef12e071a2de3caa31a8048f54b24431f9ae2e7d2ec13e537b1a85dd0e551889d0a60836c5dbcbacfe65f70f186a9ae62e31db1a1e783

memory/4956-3049-0x0000000000D00000-0x0000000000FFE000-memory.dmp

memory/4956-3054-0x00000000736D0000-0x00000000738EC000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 0cca02f3bafdd4d2b57db814cebfb3f1
SHA1 e07e4f113644de8086eea54629e295f319ccd082
SHA256 a74520b85c7c43bc94d29c9c01ca98e9dbc33d039745b0c2e13e2b9f67506d10
SHA512 6c2462fc30de188490092eb678c20685da47e61c47a5a55fad909634cb9cdff875ddbb653c80ba251c7808546db2b619daa83542f92fe9523fa8062f3ec20762

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 db57fc452a02f054d4912607a54f4745
SHA1 24e8899b5035062ff3d126be9ee29df67ba92959
SHA256 6bd750e35759d5d32d82512c4e9cc558d1acd9081a83330cd79f992aadf29547
SHA512 8f946783afcc346680ebe12ae4fce664715157cb42f0ab715877f1b47854d5690e199d2063996ecef98d8654097a5ef3e8630e5ec77e6660dfeffb2375fd1f47

memory/4956-3113-0x0000000000D00000-0x0000000000FFE000-memory.dmp

memory/4956-3118-0x00000000736D0000-0x00000000738EC000-memory.dmp

memory/4956-3154-0x0000000000D00000-0x0000000000FFE000-memory.dmp

memory/4956-3159-0x00000000736D0000-0x00000000738EC000-memory.dmp

memory/4956-3164-0x0000000000D00000-0x0000000000FFE000-memory.dmp

memory/4956-3173-0x0000000000D00000-0x0000000000FFE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5d936b1d43351f7842948c340cc534ca
SHA1 7d22b26039f6ed476c04aebbf771b770ef28091f
SHA256 a5748fb829b32d3ffab390823066f319ee677a0776d760a7376df4cbb2775ed7
SHA512 2bd75042ccffc65407c3f85af3fdccdd160137068dcdec81d4c33d9b0d78b110294900393e1a5265e1f1364b4c58875277ea1cb0d2477f98bc9568351ae8f77c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ffc39812e2fcd5adcd109fff6e72c856
SHA1 927e636b225729179e43d8d731e3e4552a4f6405
SHA256 0f33fce94f0ebc3522f3d32883771a853a9041a4a59632a70033f12ec352d754
SHA512 da84d9e272245762fd8eb693b83b1beca59d513477e99f798c34f3ce7aeba263ad97834f8c315eb9fcade7d21c1925c13083d411f7fac7bf18594b860c57d6fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 597ba91f4a7ccbb66ce7365cc488168e
SHA1 318ecaadfa1fa009f1c7e2a0366de5b111f99570
SHA256 b2164703ee8dae85a26142e2003e3bbb705057e961859448abd4d62ce39c5280
SHA512 1c631c17aba3fc287b770014e8f28a3bc0eef6ef30c4495fb5248e8b0e384e292651dc42759edfb8c13084ea4ac0460e3035e5d9fc7724a61602f75568309393

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 014a1e40ca44d1618fc18aa2b00b6c69
SHA1 35cc180a61792a19a7e5470bad97979d40999219
SHA256 53c9bfc4c361cefd14cdb5c534639f7cc99fbfbcc8e33448f7d54de6bf46418e
SHA512 556c274f8e80de26596bd4d0156759c52753d725e67c376451a2d217d2860f0ec0d6ec147f8c260c907d26a63d8ba216ebfd343d1875181ebc347cba1c6d7732

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 aab32958cceb4fa06f687af03adbd015
SHA1 88ec2d1b6f16126509b732568e6c2841cc8d47f8
SHA256 a77b6bf15bfb7358a93caa8deb9a8c7f5e1a72bc4099a25da213ccffd9792583
SHA512 0a911728b6747c747bc7764d57bd2f7b153a1d7e002265eba9a31fb31417588740f87220c5bf3e6e6fdacd1c2fa86c17aa0e9bd3dc3082f23d73e8b1833c7ddd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 84845df0d43475cac20aab76fc413513
SHA1 254a5c797fbe007a6eea0bbfb6a718fea47c5754
SHA256 a22e360d2fc126e0146ad5186e9de2cb422e8ee593ea557d7d85fee9ecf5bd9a
SHA512 d40f4e9d6e1041d11959db575c1b96a88d0dcd0512efe01f28e3e2e61f271305807d1bfb286748393a32d82a8b058685b0b7f2bfb3500d3bdd7c36252252d1a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 956bd121bb68f9c0d8c3aa9d4fbba094
SHA1 0c3a6eb9c9d4ec54deca249973d4756230b0185a
SHA256 256c4da488b13640aac86ed0d183575ec3614c892edcd0101add5bd908b09254
SHA512 223740daac7317da7b7187503241599f15609b6aa98b52066ee403301c243382b91f29d63b1154d72b40226b09162c60ea1b3223d03a06e8c2036070ad3aef2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 e566feb0592ff50c80389a6d7272340f
SHA1 31b3d27255578058d81e36a734bad931d4b8d057
SHA256 0164ecee31cc6d8459817139c362cec3d2cc9f24d66cd1ceebcbe22b6bb762d9
SHA512 8f6e85c2549fc4fba37911309b7bba20d41df257cfc7a424ac9a6a10ebcf19d288b2c1775bf871b56a81e5fd0eebcd014bd51207baf565c85fc6c5072dc48eea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 34c603225cb0c2bb402ff0ea9d0775d4
SHA1 e8456d286f59172a8717a944f007d97b3690f1f0
SHA256 8e239e1db704b003e28396c9027c41c7bb9b596854755a6194a01dff675b5e30
SHA512 48c77ed6e517c013141cd6f9e07cc82da3f8332c5f67a82c357f62d07c1b22372f2d6a0075a9f3b07a3ca1de044d909fce75535a071eab2a3a2c502a3702db62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d26ef71a57c3c1c82d95d0b735d8469b
SHA1 06cf3fb7c4a69a5e8a4d01d6d57167a2b655236d
SHA256 d90ea9be0cd9f747124754979ad93f15d29ea1daff032b58efddafebc1e931c9
SHA512 ab107aad41f0f30d698eb11611cc7606ffb3eeb71158c6fc35148ae156cbf0943af050b5526f9c34dcb5112c3082d0b9a56b3ae132aa710dbccc50cfe80de0af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0aace79611e0f28_0

MD5 eca70da96ab8ec431f831fef553e8909
SHA1 9fff0894a4cf861cdf31f70ae3e34b5d8bbb854c
SHA256 b32e76a98243070668262fff4d86a1eda437c97a04b1020b424d04af88640270
SHA512 308dd79e8df054fddc705ebe9b0dd0bd5c026d484f21a58b57665a4d8184ef3c35959c452db990a90f2f875ba6d671c409cefa845e8dd893baefbb6ad875fc3f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b7f1436746237703_0

MD5 465882f33b53b1e5551a53a2ef16222c
SHA1 bcb718e826a09cdfddfeed31f546b3471db94f69
SHA256 048147d1fec1db5368257d51b561f7b7e4de6876502a0b1009854eec5bb24c6b
SHA512 786f999716c79e31b2b73e94490a693c18eb0071c4d1f13343051045af4b3122b23cacf38f89dd5e63b9e4683f39f7e810d476efaf182bb20a3c4bc848d3903a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa7edf1799608247_0

MD5 4f10b7dd361e1aa5e7ba5224fd6deec1
SHA1 f327db6036b059b4c7cef614005c70c02d79d89f
SHA256 52f6f277f2139118f59a5e3d0c0c96e6ca404472abe4ff0272ec8d0b2026aa18
SHA512 68b2eaa13a01e7468fc7221f64c17597067ad070507d6e16ef2802f4ac69a8ebeddbb1e6a2f8042eaf561bab5a69c4ef8428f7a0afcde4f59a67f1f065565b9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cde31569354d26f3_0

MD5 bb8a6053a86136f4c667a4f4017fb362
SHA1 fedcefe9ca88a1a9f0a488f0eb4fbd0a52302cc3
SHA256 264e0350b9e8ea13834f81d1195a97f9f258ecc615d405a14d92de38b2c70ab0
SHA512 35f88ce74eae9d54ee08d970a3420aba278dceba3d106f369e1eb791aa103f074c96fa9d2cccfe273130782c2c8580ef9f2377d5606e398b87c6d1729afe964f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c9529e31622887e8_0

MD5 3d6292a4331f2f15a98603cefeac64f3
SHA1 d0646fab79cc07800abb3a907c8278fe380452c4
SHA256 6d4f2509d5e7a4fcced11c637364114406884a25f3981806eaf6b39fdca06ad0
SHA512 8830d399dca783cc44bfc15feaacc31388484e13d7ba4dd4be871d241d46e11afe229f8b8f1274caea87b3f3fe86fedd0e05c57d74ce054a6637e736f356f45b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2df1c386343331ba_0

MD5 51e5af963e3ca707a50948a483c34d72
SHA1 d6b348cfe148c3cf5b365b472e2f426d9feb46e8
SHA256 155ffccdd01969f16c9b76af7ed69313ec2e9b03648b5f8e48b21a4761aa6a3c
SHA512 3aeee04308a74b147822fa5931b3693be60f3aa0edd7c7b752ff4ea15f55b833833d9b06dfbcc9948b80b449a8ee43841ee33a1762b3e568a6f407735ad03796

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\329c1ffe293b25b7_0

MD5 146ac6cf11a13d9c7c5d2dbc9863246d
SHA1 002a6068f03a80f826bc1488acff335d23a39f04
SHA256 398d5bacfbba34c6acd38052ff72387840404bb87e5f8d4832b820f6abb498f1
SHA512 f82dcb4f27aee901f0218833ac551ecc14e8f9d4ff324e9f8a6b4f46589717b41dc25e9cbbd351cc13527105d908cc81076fb9e21b67cda7593726a0d920fae8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0aace79611e0f28_0

MD5 87c2fff91d97047d942213828c0285fd
SHA1 fde1e2c279e6e0eb833571e9f45b86be62f96e7f
SHA256 288c225b1c20c9ca5ec2ce11ffbb4067a5e259022646c4ef6cbeb2945bde8764
SHA512 da4f0f1ec4a4d5c40ca37ecc32e103867bdfcaf0b18df4aae198b464b3bcdbacf8f95834476968dee90fdbdc3ca537d3a544ffd251a7ffef584efffca39eb9b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f81679369981c6116d001d8a2b31a24c
SHA1 e4847cc6849342a53717439689be9357a77c598d
SHA256 9844e1890000de15504a67eaa28e826d21cf6070bfa84419420b7c9fd5b33a1a
SHA512 d63c5939e1d6d899e44d086f7fc75d921c7be2191e5e1caa183bf25d378aad52a514b1edc748d1de576fc98c9ba29d2fcbc1a3b3b1fa3a73b3e72064de381f36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f091b07242d46975_0

MD5 8f0a62757661dea71dcb609fb261d49f
SHA1 68a236c5544d0da86383d59519f78772f37d3e7a
SHA256 e7d3e1ecdd442fe1d72d93302d439d639d7f871cf11d0938b46707258ee7c50d
SHA512 40eb64e3b926d93702bbf128ed0e97145cc6be1f961dc9dedab2580f5a5f10ca18d1da9d9d5f83dc1c8ba643edc74e041fc8330e1584a0e915aa01184d16cc12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ed0251f02dafa57_0

MD5 d84d8c4ea5bc7214855531b82c07346d
SHA1 869d9c727b1646b78a58486d6c784919bc4da43c
SHA256 2d5e5ffddbf0f38aae9d1d16bbdd5ec735604103e48ee0b09838464024f2dada
SHA512 7dcd248135e0119ba3fe13a01a559648d62b7618f6acbfe1ccd68f41e691b714ab9c9e12393db8fc75484cd54760ce212fde5c3f9016c880fa07e24376d4f1a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\329c1ffe293b25b7_0

MD5 3c0366ba3f5cfbb9a561001097a0462a
SHA1 e41567b5d802e58b489a1870ce162e7bc82e2ac7
SHA256 62a8c196cdfcb3f89965b49c2de327762b6e8ef133053dfbcc9417f70f975cfa
SHA512 f5fe2a6d804dd4787b9d24bccb26252d36f3462a8c81c282f3cb3fb4c50ebf2adc1cae882fa2e277bcb251c17bef5c78f40a5da4086f22974944c965ef81f625

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f0aace79611e0f28_0

MD5 74a8600fa757fd888860c75490ed5c17
SHA1 7e51c86505776d663f1c58da2b0df383fb41a6a0
SHA256 0305ccc1c111db53a61a10528722062744687153b34756c5244e619009536a1b
SHA512 d224f981a30f70b31e11c7945c03b490b269a47b5704b4ae44492889351ea26e447452bfa3cd6609e8b5b422a6390c5921053dda477a9898804334eb25d17dba

C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

MD5 c41ae4f1a42928aab67178c15d572862
SHA1 3e4fa8a956f36072c48bf8bf9c3060fa85c6740a
SHA256 f460accf629b241af545e7eb2897c8bd7c57043814821d66d9fa46fca2c15ca3
SHA512 cbfcc1681b29b0fab95c2f80a5aa86c3103639c7ad6739b201030e2e54511fc313a378764b2d411e9f963f62a5178f6e2d56212f84e7108b73f409beca11f303

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d240285abd40d1316789e7f0ccef2c05
SHA1 2af2d670f4da5e2e2be2882629cecae137161d69
SHA256 4fdede2a7c4f0422776dae2a5cfced70375bc872f09233367e6cf3e0a8767a49
SHA512 f6eab78ceea75d73c2d09a128fb84522b2286680cfd5e964f01a79838510c39e7023ceee235b54b01267cf8f30b89e7cc4e6ac25bf47c4efc2cb9b9d94f9b563

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 97e35ad92fbfa5c5872fb7f224c0dce9
SHA1 f5d73c5faee4fdaa633ad6af1c7dc07730de0aa9
SHA256 d9c7aba394d94d3cff636e57c82d14a0d4d4f6180583f4252f2654685ac2f61c
SHA512 e5d1d62841184f024c3067402bc2b56597209dc68e99da3df79515c2f691ad7cf78b96c832f78a84f782b30fc7a5ed7cf03af91f92751220ad8820e1d9695dd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ce595.TMP

MD5 41d5ff6a1c2657086f0aaafd463f833a
SHA1 fc42c0cc1946d2cabbc40803378da436a7271c05
SHA256 cc657681f6fbee5673ec240ad9d0b3315965650a703cef5c970b39acfed3caec
SHA512 a6ff08f7fa7741b75196d223a5e6c7cadf81b662ff602e50ceaaa063a051ab58c0fbbc208ea3c08a335cd96c25a135724ebd08b24913c61464de7d448cca93a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6829f80b7d8900b0553ea55fccc0ab1e
SHA1 d662e9a04e416604e272aa8d6ef7de2126cafc81
SHA256 191a5bd472b7c75c0fabaa51f38464714ee25f792418b3037deab11b8b89e5a0
SHA512 8220d3ccd1f323e6c3290a1356331c30f785903eef16f4cdf14bd0cf93c5d693318397ca60e2b9834a427437b5b9edf37a87133cbce74db26a66901516e835fa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cabf37d774312cdb6a290b0d274ec67e
SHA1 1e1f0f847875225ee9dc3b4d5f4c71e757e3671f
SHA256 b702ccda4a09494e075308223d4518ee934e239a52d61c39ff41b079405aa795
SHA512 d89866528458e4c5a27b4f6bf4a74e80230d63d96ab09a978cef99c34a382bea6ed86b8c3f65a6a10e2ee98557d7333394c07e8fc2114016d93fe98297e72699

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9bb0eb671d4b98aa283e7be938b27fe3
SHA1 756cedd6b3f1d78c323ee1d0a428aa12caa85826
SHA256 c1657ab0ce98cac87d86e6c939414afacf76351023af57ea98a15b9083830491
SHA512 17cf639341b7bcd12626776eedade452aaebd175d74d10d4ac7c996db2c1425907f61a7ba144b7c382d3a6b4de0b7271019b6abb57b48cdfa062a68205f37231

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 784afda2a91c15eb900cfaeb016417dc
SHA1 90284e74861984482305f465e04ea13f82c90bb6
SHA256 da4b5a142fa272f1ff8bc2c5fb9703caf95ff5bb4ba8a06bf7e7495ce7bf88ff
SHA512 1ad2a381432a2aa56b9ffb2d47a57d6a91c26e822628603f8a0121c35a72036041c2d388c45769b0c1cc91f8de1b71b2808fc86d024547c0154688cffc7a7258

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1bab5cb34ebaee9f9db9bca402e84f2a
SHA1 568f5c6f7707a8bbad99857e5957f5ebd2d05557
SHA256 64650587eebda47362ca0c0f4041583b53746bf1df678f28cfef28a8bc5bdc8a
SHA512 69257144f907f73832ffe22604c27c624e8446be4256a10615db1dc2aea5b7103ebac1972b7551a54e1e858fda723d22be7a050c840b2b68732543e9aab96147

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 171649464dfd28b3f1a3c091e3cc9314
SHA1 acd4a513f143273d57714a37ed4dcaac02e0d344
SHA256 0bfe1f89d2f07a6f2f544f6933329326365651b7502bdb3bc92f632c5c280839
SHA512 2a616000e3c02462674422c5a23decb9860ea343a72006821b84af386a18e66cd0860a7ba24bedcf5dbb75ce77d8b0a87fdce5a94945b759728f7e01c90424b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bbf663da22e8bf1b7c6e6b4ef7336fa4
SHA1 2623bc358514d59f033d806ff5d0c1afbab8e454
SHA256 c8414dccabcc8d84a711ad3cda5d30995cf140ed7b7e60fbfac1851c7a3a0505
SHA512 83fe61c2f359f04d8ca525754493a7fc7df62b7bd959eb993bf8f305d6019565cecea9d61e0305c79ea63f45e86d029201182168a0d5a47ecdc84f2284893c9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1881cb348c10466e6d831a7d535f720f
SHA1 cc8f38b9687eeb8e1ec280534cd4fcbd5bf4ac99
SHA256 8d19978a4ae9d3d523d5d2bca16c2a4f5bdded547e6dcb5813f6ae75e6fe545f
SHA512 3bdafa284c54a9e9440d6c94416f95997b9b65e707eaee80f1b866296980ed17765da22da7a74d45e4aad578817b92e94b00ee562f70aa60c85e9c3d67009b6f