Analysis Overview
SHA256
cb78e3209d1b85e57260f6d12e45332623027ad6cce996b4a6048e8a5ce82c58
Threat Level: Known bad
The file Screenshot 2024-07-31 215500.png was found to be: Known bad.
Malicious Activity Summary
Wannacry family
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
Modifies file permissions
Reads user/profile data of web browsers
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
NTFS ADS
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Modifies registry key
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Uses Volume Shadow Copy service COM API
Suspicious behavior: AddClipboardFormatListener
Analysis: static1
Detonation Overview
Reported
2024-11-17 02:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-17 02:23
Reported
2024-11-17 02:42
Platform
win11-20241023-en
Max time kernel
796s
Max time network
791s
Command Line
Signatures
Wannacry
Wannacry family
Deletes shadow copies
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD2E02.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD2E09.tmp | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\@[email protected] | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mhxddduoei124 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_You-are-an-idiot.zip\Google Chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskdl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\taskse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762843505887168" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-07-31 215500.png"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4824 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_You-are-an-idiot.zip\Google Chrome.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_You-are-an-idiot.zip\Google Chrome.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f158b8dda1a141aca69adf4601a782c0 /t 1380 /p 2284
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe
"C:\Users\Admin\Downloads\You-are-an-idiot\Google Chrome.exe"
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\88499c9429e74bac9b81baa6b6a9b82e /t 904 /p 2944
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,4884039943488487116,7894511460671267438,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7128 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 14101731811281.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mhxddduoei124" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mhxddduoei124" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 3940148bb31c739fe5a813002002bb78 |
| SHA1 | 8c934f084062d305772a6643a8610c3a4587f95b |
| SHA256 | b23186f7aebb73adbbc3edab05170def7edd8081ef6cbf4c802db559f5a8d538 |
| SHA512 | feb308a2c3f1263afeb806eb34e0dd986f735ed08bea4e2692ab73c3c8b52907d2947d6cefe259888dae95e86d3c7ae0dc3b38777b94cf73e326ec5b5df1a6be |
\??\pipe\crashpad_780_AQUDTVEKPRSHCQLU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | f55cf1be8b1a74c21512a9dad51fb7c2 |
| SHA1 | 5bb545e8dcd6b3b17a252c5dc5ec5e09298ba79d |
| SHA256 | 600ec1dc25d756a04fe8b37e07accf68fd045c8b28444a164cfe74f91fe506cb |
| SHA512 | f59976c470bccd3afa3da64f5e715ba8eb69803fe46684247931c3d1265a174accfbb60e569c7916cf71a4c444e78abcfbb79ce82c4b10ebd949b42bd98d96dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3bc5a2c6503ea5a74166e14f9591d7d4 |
| SHA1 | df168ac83c2768a99ad89118998624459d618db1 |
| SHA256 | c4e6320a228614e60be1a73ca4a9ffb7c23a78bc3ff83c9a0d37675d683a8254 |
| SHA512 | a47e2d6044f1efb98ea9fc2f569a6abe031eef4c83f34f1aeae17876e0eed9208d6f2af4277cde1f66917935e374c208d7a6c6f5e026904feb251916424876fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6f8dc8c4eb3479e20773d9157d5cc6af |
| SHA1 | 9204a5b062e8876520a2de4fc5dbcb4ebafeed75 |
| SHA256 | a0c29f6f7d3438fb836ac7932cf00761a67619b45f40a313ee14f8233999aa6e |
| SHA512 | 274971be1d2c6af5b0a0da6355802817675c8ad66587bcf6bdf1138929830e0813c8fb74a1357728007b21bbf7eea768012dd6f4e258b739c1b142875326c1b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 26a3fe2f29b77c563ba4b7156dc73165 |
| SHA1 | 3058db2aa70675205dfe52a0225ee0e2469057da |
| SHA256 | 58a6c68f0d2e470b123a38abe16acfd6993feddf8a9b1f498d611aa319d12b76 |
| SHA512 | dbcacec4f5fc660912e172bc5031a9aed2b551353f083a887186d2e3088ff0b0ce1acad04252e10e3f60a40d1c9772e6c86b3ebc99d8a14dc822c0c7c01249d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 945a5cc10aadde94479bbf8a6a374ddb |
| SHA1 | 4ae4babdd77052bca027e6c1d96948e36c0950e6 |
| SHA256 | 79728524348339f23d8ec3f1d0c56d2cd15a243f6a42609ec49adb1a549e3355 |
| SHA512 | 377bced1bf2320fb651dddbed749c69a4b2af7544e64e073e191d95070f6dd076c4d783b75ff0136af65fd66e2847a4eb78618ebdddb8298dd9ef7251edeee14 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c51d7a8d47e9c2513c40d7387c76e0f |
| SHA1 | c0ab4c16bf4f1e10113e73d5c059bb84b7ec04fc |
| SHA256 | 909a983fec687946acfdaa774c60625baf4674b03f64d11a03ca52d1b03112bc |
| SHA512 | 1b8a4d05bb7339ad8ec20f07db6c0922cbc9bea3135d5e457e2224ef1a9ac563691cc1782ff2f43ebca66ec89bda09016ea951202ae8daa6e71a1c9a4b6977b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8fa1cd489ab5b56b6710ead72daa50fd |
| SHA1 | 3cec069d859378ecada08b3e841a3bff62e64f97 |
| SHA256 | cbe291d6856d8492c057a64f7e0fd11676f597d6beb0b12a7246e6a54d0a8f1b |
| SHA512 | 410f744cf96bcffaa7be1b24907ef6a3ba876df0c075b0ad94f06ae63c5d4e82e78740831378037570449c2903d6467a8b4cb7aec4ba4cc532b931446f3a9942 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ce7b93d7af8b2f49ccc44df99f554bfb |
| SHA1 | 759b00c9c9436bf7ef01e6fe265c68f396409e97 |
| SHA256 | 86e77f28c7876a9d5246f71ced06bd695be11df149e10efbd5d43a72c0e0cc2c |
| SHA512 | bbe75f42e9c25e2197326a58c1877e903480f3746a7ffcb4ce1073b4d24a97fe11ec310156dfac3e2c0c7f93ae155232eb68944c185093d04c9fd7823ba6747b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b40b7e7441204b7c932ac884087a7dad |
| SHA1 | 4bb035ba21c95c268ccb0d2e0da8f08e10b5f79d |
| SHA256 | 2a794711bcc4c6f46bec00393235afb619de04e899b615fdff81beae4ca36d98 |
| SHA512 | fcc8ae11c729de570781354bc384b2950b3aac0811345c5cf63cc253b3d0f56742a7f86a1f89b5e5985ab213e3a67e0534a45a10ce0dc772b65da3a418687cd6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b5452f6cf8d58c8a8d1a3fa6ea359a63 |
| SHA1 | 346d1cdddceb4582845320619dcaa86050f99cbe |
| SHA256 | 9360f414d59c317c13f7c26565e71a324768a657eba23665449621de90cd76c5 |
| SHA512 | a890d542fc8e203374fed2658a812597a89e2d41fd013a9230586176025cde5ae5327c123710d3d7cd98015241bb5b9dbbb95a2e65d2bb8a17c931de979b31a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d6d5d5613712138190630c8955fc58c |
| SHA1 | 74e030d8e84be12c9350383b55109066bbd40e45 |
| SHA256 | 404551036cfc5f9301c540e98c1ff72c4f39af9a957767825d5b471ce4817874 |
| SHA512 | e88469ac8342187a594ba4dcfcf9e5e2d89bb80bbab08af22bd6db37ad46038eb3dab9b6442e586188ce93762f6bf725d330082c16910f8cadf128ca2e160556 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0d8d6d63b5fb5d3640a4f79c75b95b6c |
| SHA1 | c328b38b1478d9ecaa7a5a9a9d75a5b7fbda5679 |
| SHA256 | 37f16d8e30e0b1c75a68b92d757270222b539bafe58a6ff7a9a21343ce4c4589 |
| SHA512 | 2172463497c26a668df29493ed57a10dcd3c207301c848dc56a4739989e1b3e13892e9265363b83d54b8e0527c302000914324f23a68cfe33a5ed2d07b551599 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f8df316084945b3ba15e710c16e9a6e7 |
| SHA1 | 67c157a846dc19aad6df382c0dddc6db74196aa4 |
| SHA256 | c44b1ae24a9a8b2e78b2b119002db36f764d6962e32c1f79dcf17cf35ad225c6 |
| SHA512 | 8ec42b36e596e285dc0b0d8f142122575ad3ba126b624735087c8f6fa0fe52e327231c65901051fc37240950c0a25b1940d293ae421c07650032f9a9200f6b88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 58c42865d869ebc894f82d660f090bc9 |
| SHA1 | 953bc380a136746a74740bfe2bb4b3bc2e308201 |
| SHA256 | c13c951a8ef2ebf50fd2b96fa0a4fb3b4a49f4df8186ba0941e019ae34c0962f |
| SHA512 | 4e9fb92c2cb72722c837d74dc26c8ee5523f080618ead839be196977da066d598a203a2b80b356836c84bc82461aa3420b029794a20e9b1d7401660bea387cdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d7f37e2fdf1114507108827cf516c48 |
| SHA1 | 7dfdde9eec668b2625e4cd6b54fa9f7141d79459 |
| SHA256 | f5c3e3fa03cb1393b0511272b1c402aeb58a34233b287fce5fe28cfa63e88900 |
| SHA512 | 400f8816a86d05868782a17fb5443edbcacb633b7af0318b9855bb66f7b3b696ed213c54f0032c2bfdd6de558a808d69ed2826f4a1df023e679dd887dc40de94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | faad4a158b2cfd965038a65915e7e8ae |
| SHA1 | b03ad83fc4a531c79d09fddf882803e835d54e11 |
| SHA256 | 1c07665446eb5c0266c68c7ec2d0f279f520c2a84ea2860cc5da4735a0ab3a2b |
| SHA512 | 3e67e8f1dfe4630cc3915ec82ecb4b5bac88c04ff890e8928c0a0ade2e5f5564b9e27b80666f3649fff862ceb30afd96adf20ba90ffd1e743601060cec3b49ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 66a67f6d9b529881a574f449845c3a86 |
| SHA1 | 3a391f9807bf3f9f444ea73658a9245afe3b5309 |
| SHA256 | 60929839b3190ebd7b3286d7e947beb77d8d8aac0791dc593ee07e48d7064214 |
| SHA512 | dfb51bd0d979c35d5629caf92d5b77ab11c46c9ca2dc469bd10be33a1999b59031efa79197b997588bfc1d13546250116b89388d0d6c99fad36383115350fac4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\f6762e8c-e836-48db-84bf-7687f4a76cbc
| MD5 | 1662dbed658783e066b895fc6b1a9630 |
| SHA1 | 99425cf5fb65db241583e913e6e25ee72e0c506b |
| SHA256 | db8f648146109c166b697a97fe05351e3a49acf8c7bb48b1a88aff3ac8ae2653 |
| SHA512 | 5bfc5b82b270b4a2a0a71502ba1091e315335e34d27a524b2b54f61c7170eff72632bba3323497fb716b850aad36a988cc687ede58beeb3dcde7ad5f2e4d3ccb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\10551ba5-5fc1-4fd8-83a5-02882ee053c0
| MD5 | 631720641d4c0780959a63c23a7b2f43 |
| SHA1 | dda60ca03e05d6bbbd5afdc9772975b1b78249fa |
| SHA256 | 067f3b818568f2f066f8159e53c1e9fc4745fde61a13ccd7baa74420d50f0251 |
| SHA512 | a4a7590a631ca557a592b6011d25423a1a64a5935ee113011f6b5822ba9ce11b83179e328616afd018194ad4f8ee85de450eb31b4d6c7d41b1a959297c0cfdec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | d35b9febf0ef57db9905a85b53760bd7 |
| SHA1 | 23fc07f8fa2473581e1e1f428ed6315fca49b766 |
| SHA256 | 2bb2a81a23490834cfc57edc1f7f16c17e44f76737bed84c3cb44ed6a31d9ae8 |
| SHA512 | 3c3e4ad2fd3f33b041eeeeddc24e706766ca70abd97ff05372ac8f3fce6d9d16b4afba71034af0fd105e8552952bddba8bc049c821352a16221a65a5787af35e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7890b4d2f6c3278e96b85463548d748c |
| SHA1 | 29a01b9c9d6f4959fff6b301f08fc399ac316df5 |
| SHA256 | f890e0f1baa0e70a780a32df3e4c4473d9d9e02d5ac746aaf2243126a49ecd2e |
| SHA512 | 8992c5f6a2baab7fb2b5d3ef0c5170f5615f12fca0829579b3166df3d492451350340ab20143839ef28c10f485e82ad1acc799032cbfc9ab6c6c9e72940151c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\activity-stream.discovery_stream.json
| MD5 | 18ad7913a1142c59859ead636fdaac9f |
| SHA1 | 992831da84e66aa4352af1ffeda931639b5bd5be |
| SHA256 | a912f6c10c47d19d25409e7d62c9e2fafaba729e8213b0a5d4da01e17035a67b |
| SHA512 | b4d487771bf39e4fee1ddb9d5e1bdd9191b5e74532d4783e0da5533681872dcf0d1fe227f297d4119dab0138f6787a9a4befe6eeddf9e151310081bc61fa44ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
| MD5 | 64ca469a761b6cd7d3e2ebf51ca37972 |
| SHA1 | 39586f5688655a2a029fe7715e214dbdc9377861 |
| SHA256 | e4539002c67c5acf35dfa9ba335aa9ec16b71bfd63001ec16ccbcf86f2b74cd7 |
| SHA512 | d439cf2948e48a7c3a742bb151b61b88818120fc4a871fb74fc430e691b02336b96c2652429db62f77aa1ac1e8377424b562fc8518b42eddf5700f94dd15a53c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | a6c5813f739ace667307498129533bd0 |
| SHA1 | 4c3e29f36494cc888efc8b32c3e0ef67e79d06a6 |
| SHA256 | 58adbd980114b354da4b6df8d74ff99cc2b15d4574566c2a1abdcdff2b96e45c |
| SHA512 | 1aeb7ca444b9bba7ae74163ea408a82ba0c66680959329d29b8787ddc84bde5721254cf441eb6df88e9e61d21314421e28bcc927890f15b588d94b590b28643d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d97be.TMP
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1246fc77-24e8-48d5-91c5-3deae5294654.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\Downloads\You-are-an-idiot.zip
C:\Users\Admin\Downloads\You-are-an-idiot.zip:Zone.Identifier
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\WannaCry.EXE
C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier
C:\Users\Admin\Downloads\msg\m_finnish.wnry
C:\Users\Admin\Downloads\b.wnry
C:\Users\Admin\Downloads\msg\m_bulgarian.wnry
C:\Users\Admin\Downloads\c.wnry
C:\Users\Admin\Downloads\@[email protected]
C:\Users\Admin\Downloads\You-are-an-idiot\@[email protected]
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\msg\m_filipino.wnry
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State