Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://bing.com

windows10-2004-x64

10

Analysis

  • max time kernel
    611s
  • max time network
    608s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    25/02/2024, 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://bing.com

Score
10/10
wannacrydiscoverypersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Extracted

Path

C:\Users\Admin\Downloads\r.wnry

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send %s to this bitcoin address: %s Next, please find an application file named "%s". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window.

Extracted

Path

C:\Users\Admin\Downloads\msg\m_english.wnry

Ransom Note
{\rtf1\adeflang1025\ansi\ansicpg1252\uc2\adeff31507\deff0\stshfdbch31505\stshfloch31506\stshfhich31506\stshfbi0\deflang1033\deflangfe1042\themelang1033\themelangfe1042\themelangcs0{\fonttbl{\f0\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f1\fbidi \fswiss\fcharset0\fprq2{\*\panose 020b0604020202020204}Arial;} {\f34\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria Math;}{\f37\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria;}{\f41\fbidi \fmodern\fcharset0\fprq1{\*\panose 020b0609020204030204}Consolas;} {\f53\fbidi \fmodern\fcharset129\fprq1{\*\panose 020b0609000101010101}\'b1\'bc\'b8\'b2\'c3\'bc;}{\f54\fbidi \fmodern\fcharset129\fprq1{\*\panose 020b0609000101010101}@\'b1\'bc\'b8\'b2\'c3\'bc;} {\flomajor\f31500\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbmajor\f31501\fbidi \fmodern\fcharset129\fprq2{\*\panose 020b0503020000020004}\'b8\'bc\'c0\'ba \'b0\'ed\'b5\'f1;} {\fhimajor\f31502\fbidi \froman\fcharset0\fprq2{\*\panose 02040503050406030204}Cambria;}{\fbimajor\f31503\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;} {\flominor\f31504\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\fdbminor\f31505\fbidi \fmodern\fcharset129\fprq2{\*\panose 020b0503020000020004}\'b8\'bc\'c0\'ba \'b0\'ed\'b5\'f1;} {\fhiminor\f31506\fbidi \fswiss\fcharset0\fprq2{\*\panose 020f0502020204030204}Calibri;}{\fbiminor\f31507\fbidi \froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f540\fbidi \froman\fcharset238\fprq2 Times New Roman CE;} {\f541\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\f543\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\f544\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\f545\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);} {\f546\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f547\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\f548\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\f550\fbidi \fswiss\fcharset238\fprq2 Arial CE;} {\f551\fbidi \fswiss\fcharset204\fprq2 Arial Cyr;}{\f553\fbidi \fswiss\fcharset161\fprq2 Arial Greek;}{\f554\fbidi \fswiss\fcharset162\fprq2 Arial Tur;}{\f555\fbidi \fswiss\fcharset177\fprq2 Arial (Hebrew);} {\f556\fbidi \fswiss\fcharset178\fprq2 Arial (Arabic);}{\f557\fbidi \fswiss\fcharset186\fprq2 Arial Baltic;}{\f558\fbidi \fswiss\fcharset163\fprq2 Arial (Vietnamese);}{\f880\fbidi \froman\fcharset238\fprq2 Cambria Math CE;} {\f881\fbidi \froman\fcharset204\fprq2 Cambria Math Cyr;}{\f883\fbidi \froman\fcharset161\fprq2 Cambria Math Greek;}{\f884\fbidi \froman\fcharset162\fprq2 Cambria Math Tur;}{\f887\fbidi \froman\fcharset186\fprq2 Cambria Math Baltic;} {\f888\fbidi \froman\fcharset163\fprq2 Cambria Math (Vietnamese);}{\f910\fbidi \froman\fcharset238\fprq2 Cambria CE;}{\f911\fbidi \froman\fcharset204\fprq2 Cambria Cyr;}{\f913\fbidi \froman\fcharset161\fprq2 Cambria Greek;} {\f914\fbidi \froman\fcharset162\fprq2 Cambria Tur;}{\f917\fbidi \froman\fcharset186\fprq2 Cambria Baltic;}{\f918\fbidi \froman\fcharset163\fprq2 Cambria (Vietnamese);}{\f950\fbidi \fmodern\fcharset238\fprq1 Consolas CE;} {\f951\fbidi \fmodern\fcharset204\fprq1 Consolas Cyr;}{\f953\fbidi \fmodern\fcharset161\fprq1 Consolas Greek;}{\f954\fbidi \fmodern\fcharset162\fprq1 Consolas Tur;}{\f957\fbidi \fmodern\fcharset186\fprq1 Consolas Baltic;} {\f958\fbidi \fmodern\fcharset163\fprq1 Consolas (Vietnamese);}{\f1072\fbidi \fmodern\fcharset0\fprq1 GulimChe Western;}{\f1070\fbidi \fmodern\fcharset238\fprq1 GulimChe CE;}{\f1071\fbidi \fmodern\fcharset204\fprq1 GulimChe Cyr;} {\f1073\fbidi \fmodern\fcharset161\fprq1 GulimChe Greek;}{\f1074\fbidi \fmodern\fcharset162\fprq1 GulimChe Tur;}{\f1077\fbidi \fmodern\fcharset186\fprq1 GulimChe Baltic;}{\f1082\fbidi \fmodern\fcharset0\fprq1 @\'b1\'bc\'b8\'b2\'c3\'bc Western;} {\f1080\fbidi \fmodern\fcharset238\fprq1 @\'b1\'bc\'b8\'b2\'c3\'bc CE;}{\f1081\fbidi \fmodern\fcharset204\fprq1 @\'b1\'bc\'b8\'b2\'c3\'bc Cyr;}{\f1083\fbidi \fmodern\fcharset161\fprq1 @\'b1\'bc\'b8\'b2\'c3\'bc Greek;} {\f1084\fbidi \fmodern\fcharset162\fprq1 @\'b1\'bc\'b8\'b2\'c3\'bc Tur;}{\f1087\fbidi \fmodern\fcharset186\fprq1 @\'b1\'bc\'b8\'b2\'c3\'bc Baltic;}{\flomajor\f31508\fbidi \froman\fcharset238\fprq2 Times New Roman CE;} {\flomajor\f31509\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\flomajor\f31511\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\flomajor\f31512\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;} {\flomajor\f31513\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\flomajor\f31514\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\flomajor\f31515\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;} {\flomajor\f31516\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\fdbmajor\f31520\fbidi \fmodern\fcharset0\fprq2 Malgun Gothic Western;}{\fhimajor\f31528\fbidi \froman\fcharset238\fprq2 Cambria CE;} {\fhimajor\f31529\fbidi \froman\fcharset204\fprq2 Cambria Cyr;}{\fhimajor\f31531\fbidi \froman\fcharset161\fprq2 Cambria Greek;}{\fhimajor\f31532\fbidi \froman\fcharset162\fprq2 Cambria Tur;} {\fhimajor\f31535\fbidi \froman\fcharset186\fprq2 Cambria Baltic;}{\fhimajor\f31536\fbidi \froman\fcharset163\fprq2 Cambria (Vietnamese);}{\fbimajor\f31538\fbidi \froman\fcharset238\fprq2 Times New Roman CE;} {\fbimajor\f31539\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;}{\fbimajor\f31541\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\fbimajor\f31542\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;} {\fbimajor\f31543\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\fbimajor\f31544\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\fbimajor\f31545\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;} {\fbimajor\f31546\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}{\flominor\f31548\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\flominor\f31549\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;} {\flominor\f31551\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\flominor\f31552\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\flominor\f31553\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);} {\flominor\f31554\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\flominor\f31555\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\flominor\f31556\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);} {\fdbminor\f31560\fbidi \fmodern\fcharset0\fprq2 Malgun Gothic Western;}{\fhiminor\f31568\fbidi \fswiss\fcharset238\fprq2 Calibri CE;}{\fhiminor\f31569\fbidi \fswiss\fcharset204\fprq2 Calibri Cyr;} {\fhiminor\f31571\fbidi \fswiss\fcharset161\fprq2 Calibri Greek;}{\fhiminor\f31572\fbidi \fswiss\fcharset162\fprq2 Calibri Tur;}{\fhiminor\f31575\fbidi \fswiss\fcharset186\fprq2 Calibri Baltic;} {\fhiminor\f31576\fbidi \fswiss\fcharset163\fprq2 Calibri (Vietnamese);}{\fbiminor\f31578\fbidi \froman\fcharset238\fprq2 Times New Roman CE;}{\fbiminor\f31579\fbidi \froman\fcharset204\fprq2 Times New Roman Cyr;} {\fbiminor\f31581\fbidi \froman\fcharset161\fprq2 Times New Roman Greek;}{\fbiminor\f31582\fbidi \froman\fcharset162\fprq2 Times New Roman Tur;}{\fbiminor\f31583\fbidi \froman\fcharset177\fprq2 Times New Roman (Hebrew);} {\fbiminor\f31584\fbidi \froman\fcharset178\fprq2 Times New Roman (Arabic);}{\fbiminor\f31585\fbidi \froman\fcharset186\fprq2 Times New Roman Baltic;}{\fbiminor\f31586\fbidi \froman\fcharset163\fprq2 Times New Roman (Vietnamese);}} {\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0; \red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\*\defchp \fs22\loch\af31506\hich\af31506\dbch\af31505 }{\*\defpap \ql \li0\ri0\sa200\sl276\slmult1 \widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 }\noqfpromote {\stylesheet{\ql \li0\ri0\sa200\sl276\slmult1\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af31507\afs22\alang1025 \ltrch\fcs0 \fs22\lang1033\langfe1042\loch\f31506\hich\af31506\dbch\af31505\cgrid\langnp1033\langfenp1042 \snext0 \sqformat \spriority0 \styrsid1847526 Normal;}{\*\cs10 \additive \ssemihidden \sunhideused \spriority1 Default Paragraph Font;}{\* \ts11\tsrowd\trftsWidthB3\trpaddl108\trpaddr108\trpaddfl3\trpaddft3\trpaddfb3\trpaddfr3\trcbpat1\trcfpat1\tblind0\tblindtype3\tscellwidthfts0\tsvertalt\tsbrdrt\tsbrdrl\tsbrdrb\tsbrdrr\tsbrdrdgl\tsbrdrdgr\tsbrdrh\tsbrdrv \ql \li0\ri0\sa200\sl276\slmult1 \widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af0\afs22\alang1025 \ltrch\fcs0 \fs22\lang1033\langfe1042\loch\f31506\hich\af31506\dbch\af31505\cgrid\langnp1033\langfenp1042 \snext11 \ssemihidden \sunhideused \sqformat Normal Table;}{\s15\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \rtlch\fcs1 \af41\afs21\alang1025 \ltrch\fcs0 \fs21\lang1033\langfe1042\loch\f41\hich\af41\dbch\af31505\cgrid\langnp1033\langfenp1042 \sbasedon0 \snext15 \slink16 \sunhideused \styrsid5268979 Plain Text;}{\*\cs16 \additive \rtlch\fcs1 \af41\afs21 \ltrch\fcs0 \f41\fs21 \sbasedon10 \slink15 \slocked \styrsid5268979 Plain Text Char;}}{\*\rsidtbl \rsid1847526\rsid2183709\rsid5268979\rsid5733561\rsid11488848\rsid14178431\rsid14237745\rsid14313477\rsid14432744}{\mmathPr\mmathFont34\mbrkBin0\mbrkBinSub0\msmallFrac0\mdispDef1 \mlMargin0\mrMargin0\mdefJc1\mwrapIndent1440\mintLim0\mnaryLim1}{\info{\author Messi}{\operator Messi}{\creatim\yr2017\mo5\dy11\hr13\min53}{\revtim\yr2017\mo5\dy11\hr14\min42}{\version4}{\edmins4}{\nofpages1}{\nofwords296}{\nofchars1385}{\nofcharsws1678} {\vern32775}}{\*\xmlnstbl {\xmlns1 http://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1501\margr1502\margt1701\margb1440\gutter0\ltrsect \widowctrl\ftnbj\aenddoc\trackmoves1\trackformatting1\donotembedsysfont1\relyonvml0\donotembedlingdata0\grfdocevents0\validatexml1\showplaceholdtext0\ignoremixedcontent0\saveinvalidxml0\showxmlerrors1\noxlattoyen \expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin\dghspace180\dgvspace180\dghorigin1501\dgvorigin1701\dghshow1\dgvshow1 \jexpand\viewkind1\viewscale140\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule\nobrkwrptbl\snaptogridincell\allowfieldendsel\wrppunct \asianbrkrule\rsidroot1847526\newtblstyruls\nogrowautofit\usenormstyforlist\noindnmbrts\felnbrelev\nocxsptable\indrlsweleven\noafcnsttbl\afelev\utinl\hwelev\spltpgpar\notcvasp\notbrkcnstfrctbl\notvatxbx\krnprsnet\cachedcolbal \nouicompat \fet0 {\*\wgrffmtfilter 2450}\nofeaturethrottle1\ilfomacatclnup0\ltrpar \sectd \ltrsect\linex0\endnhere\sectlinegrid360\sectdefaultcl\sectrsid5268979\sftnbj {\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang {\pntxta \hich .}}{\*\pnseclvl2 \pnucltr\pnstart1\pnindent720\pnhang {\pntxta \hich .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang {\pntxta \hich .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang {\pntxta \hich )}}{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang {\pntxtb \hich (} {\pntxta \hich )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb \hich (}{\pntxta \hich )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb \hich (}{\pntxta \hich )}}{\*\pnseclvl8\pnlcltr\pnstart1\pnindent720\pnhang {\pntxtb \hich (} {\pntxta \hich )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang {\pntxtb \hich (}{\pntxta \hich )}}\pard\plain \ltrpar\s15\ql \li0\ri0\widctlpar\wrapdefault\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0\pararsid5268979 \rtlch\fcs1 \af41\afs21\alang1025 \ltrch\fcs0 \fs21\lang1033\langfe1042\loch\af41\hich\af41\dbch\af31505\cgrid\langnp1033\langfenp1042 {\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \b\fs28\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 What Happened to My Computer? \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \b\fs24\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 Y}{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \fs22\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 our important files are encrypted. \par \hich\af31502\dbch\af53\loch\f31502 Many of your documents, photos, videos, databases and other files are no longer accessibl\hich\af31502\dbch\af53\loch\f31502 e because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service. \par \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \b\fs28\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 Can I Recover My Files? \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \b\fs24\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 S}{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \fs22\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 ure. We guarantee that you can recover all y\hich\af31502\dbch\af53\loch\f31502 our files safely and easily. But you have not so enough time. \par \hich\af31502\dbch\af53\loch\f31502 You can decrypt some of your files for free. Try now by clicking <Decrypt>. \par \hich\af31502\dbch\af53\loch\f31502 But if you want to decrypt all your files, you need to pay. \par \hich\af31502\dbch\af53\loch\f31502 You only have 3 days to submit the payment. After that the\hich\af31502\dbch\af53\loch\f31502 price will be doubled. \par \hich\af31502\dbch\af53\loch\f31502 Also, if you don't pay in 7 days, you won't be able to recover your files forever. \par \hich\af31502\dbch\af53\loch\f31502 We will have free events for users who are so poor that they couldn't pay in 6 months. \par \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \b\fs28\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 How Do I Pay? \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \b\fs24\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 P}{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \fs22\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 ayment is accepted in Bitcoin only. For more i\hich\af31502\dbch\af53\loch\f31502 nformation, click <About bitcoin>. \par \hich\af31502\dbch\af53\loch\f31502 Please check the current price of Bitcoin and buy some bitcoins. For more information, click <How to buy bitcoins>. \par \hich\af31502\dbch\af53\loch\f31502 And send the correct amount to the address specified in this window. \par \hich\af31502\dbch\af53\loch\f31502 After your payment, click <Check Pay\hich\af31502\dbch\af53\loch\f31502 ment>. Best time to check: 9:00am - 11:00am GMT from Monday to Friday. \par \hich\af31502\dbch\af53\loch\f31502 Once the payment is checked, you can start decrypting your files immediately. \par \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \b\fs28\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 Contact \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \fs22\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 If you need our assistance, send a message by clicking <Contact Us>. \par \par }{\rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \fs22\cf6\loch\af31502\hich\af31502\dbch\af53\insrsid14313477\charrsid5733561 \hich\af31502\dbch\af53\loch\f31502 We strongly recommend you to\hich\af31502\dbch\af53\loch\f31502 not remove this software, and disable your anti-virus for a while, until you pay and the payment gets processed. If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay!}{ \rtlch\fcs1 \af1\afs22 \ltrch\fcs0 \fs22\cf6\loch\af31502\hich\af31502\dbch\af53\insrsid5268
URLs

http://schemas.microsoft.com/office/word/2003/wordml}}\paperw12240\paperh15840\margl1501\margr1502\margt1701\margb1440\gutter0\ltrsect

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 55 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 9 IoCs
    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 3 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 28 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • NTFS ADS 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 10 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bing.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdc9146f8,0x7fffdc914708,0x7fffdc914718
      2⤵
        PID:612
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        2⤵
          PID:336
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2652
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
          2⤵
            PID:224
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:4908
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
              2⤵
                PID:2224
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
                2⤵
                  PID:1504
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
                  2⤵
                    PID:4156
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                    2⤵
                      PID:2580
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                      2⤵
                        PID:2628
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
                        2⤵
                          PID:1068
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2096
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                          2⤵
                            PID:5104
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                            2⤵
                              PID:1256
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                              2⤵
                                PID:3736
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
                                2⤵
                                  PID:2456
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                                  2⤵
                                    PID:2072
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                                    2⤵
                                      PID:1396
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=4916 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4484
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=4124 /prefetch:8
                                      2⤵
                                        PID:888
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                                        2⤵
                                          PID:2572
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                                          2⤵
                                            PID:3328
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                                            2⤵
                                              PID:3856
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
                                              2⤵
                                                PID:1036
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
                                                2⤵
                                                  PID:3524
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                                                  2⤵
                                                    PID:1420
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
                                                    2⤵
                                                      PID:4932
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
                                                      2⤵
                                                        PID:1084
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=3976 /prefetch:8
                                                        2⤵
                                                          PID:3108
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
                                                          2⤵
                                                            PID:2916
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
                                                            2⤵
                                                              PID:2300
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7608 /prefetch:8
                                                              2⤵
                                                                PID:3184
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7772 /prefetch:8
                                                                2⤵
                                                                  PID:3424
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7532 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:4980
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
                                                                  2⤵
                                                                    PID:3964
                                                                  • C:\Users\Admin\Downloads\Setup (1).exe
                                                                    "C:\Users\Admin\Downloads\Setup (1).exe"
                                                                    2⤵
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Loads dropped DLL
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    • Suspicious use of SetWindowsHookEx
                                                                    PID:2384
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=721196E6-B31C-4E5D-B8D6-136C757B28AEX&winver=19041&version=fa.1086d&nocache=20240225041316.247&_fcid=1708834357343715
                                                                      3⤵
                                                                        PID:1572
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffdc9146f8,0x7fffdc914708,0x7fffdc914718
                                                                          4⤵
                                                                            PID:4376
                                                                        • C:\Users\Admin\StrPIC\Temp\nss5518.tmp
                                                                          "C:\Users\Admin\StrPIC\Temp\nss5518.tmp" /verify
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:4516
                                                                        • C:\Users\Admin\StrPIC\Temp\nss5518.tmp
                                                                          "C:\Users\Admin\StrPIC\Temp\nss5518.tmp" /internal 1708834357343715 /force
                                                                          3⤵
                                                                          • Drops startup file
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:4776
                                                                          • C:\Users\Admin\StrPIC\setDRM.exe
                                                                            "C:\Users\Admin\StrPIC\setDRM.exe" 1708834357343715
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1596
                                                                          • C:\Users\Admin\StrPIC\PcAppStore.exe
                                                                            "C:\Users\Admin\StrPIC\PcAppStore.exe" /init default
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            • Enumerates connected drives
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of SendNotifyMessage
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1520
                                                                            • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                              .\nwjs\NW_store.exe .\ui\.
                                                                              5⤵
                                                                              • Checks computer location settings
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              • Enumerates system info in registry
                                                                              • Modifies data under HKEY_USERS
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:3356
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                C:\Users\Admin\StrPIC\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0x7fffdc009b48,0x7fffdc009b58,0x7fffdc009b68
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                PID:3364
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:2
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:4020
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=1936 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:8
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:3852
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=1756 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:8
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:1260
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\StrPIC\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:1
                                                                                6⤵
                                                                                • Checks computer location settings
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • NTFS ADS
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:2984
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=es --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3912 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:8
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:5684
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4144 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:8
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:5908
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4360 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:8
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:5324
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --no-sandbox --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4356 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:8
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:5564
                                                                              • C:\Users\Admin\StrPIC\nwjs\NW_store.exe
                                                                                "C:\Users\Admin\StrPIC\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4356 --field-trial-handle=1832,i,7781403484917487472,16568632643071507588,131072 /prefetch:2
                                                                                6⤵
                                                                                • Executes dropped EXE
                                                                                • Loads dropped DLL
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:840
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                                                        2⤵
                                                                          PID:1944
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
                                                                          2⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:1732
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
                                                                          2⤵
                                                                            PID:3308
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
                                                                            2⤵
                                                                              PID:5552
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
                                                                              2⤵
                                                                                PID:5440
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
                                                                                2⤵
                                                                                  PID:5356
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 /prefetch:8
                                                                                  2⤵
                                                                                    PID:4856
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,26669796194949050,147514447002545365,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2916 /prefetch:8
                                                                                    2⤵
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:4856
                                                                                  • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                    "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                    2⤵
                                                                                    • Drops startup file
                                                                                    • Executes dropped EXE
                                                                                    • Sets desktop wallpaper using registry
                                                                                    PID:5032
                                                                                    • C:\Windows\SysWOW64\attrib.exe
                                                                                      attrib +h .
                                                                                      3⤵
                                                                                      • Views/modifies file attributes
                                                                                      PID:4624
                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                      icacls . /grant Everyone:F /T /C /Q
                                                                                      3⤵
                                                                                      • Modifies file permissions
                                                                                      PID:5968
                                                                                    • C:\Users\Admin\Downloads\taskdl.exe
                                                                                      taskdl.exe
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:4976
                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c 200541708834572.bat
                                                                                      3⤵
                                                                                        PID:2728
                                                                                        • C:\Windows\SysWOW64\cscript.exe
                                                                                          cscript.exe //nologo m.vbs
                                                                                          4⤵
                                                                                            PID:2640
                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                          attrib +h +s F:\$RECYCLE
                                                                                          3⤵
                                                                                          • Views/modifies file attributes
                                                                                          PID:3052
                                                                                        • C:\Users\Admin\Downloads\taskdl.exe
                                                                                          taskdl.exe
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:5988
                                                                                        • C:\Users\Admin\Downloads\@[email protected]
                                                                                          @[email protected] co
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:5052
                                                                                          • C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
                                                                                            TaskData\Tor\taskhsvc.exe
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:1596
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          cmd.exe /c start /b @[email protected] vs
                                                                                          3⤵
                                                                                            PID:1792
                                                                                            • C:\Users\Admin\Downloads\@[email protected]
                                                                                              @[email protected] vs
                                                                                              4⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:3624
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                                5⤵
                                                                                                  PID:4584
                                                                                                  • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                    wmic shadowcopy delete
                                                                                                    6⤵
                                                                                                      PID:5208
                                                                                              • C:\Users\Admin\Downloads\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4920
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vmyaplqrsb019" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                                                3⤵
                                                                                                  PID:5284
                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vmyaplqrsb019" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
                                                                                                    4⤵
                                                                                                    • Adds Run key to start application
                                                                                                    • Modifies registry key
                                                                                                    PID:4396
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:3632
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:4932
                                                                                                • C:\Users\Admin\Downloads\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:5204
                                                                                                • C:\Users\Admin\Downloads\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:4624
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:1392
                                                                                                • C:\Users\Admin\Downloads\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:840
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:3576
                                                                                                • C:\Users\Admin\Downloads\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:5408
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:2680
                                                                                                • C:\Users\Admin\Downloads\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:788
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:5412
                                                                                                • C:\Users\Admin\Downloads\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:1076
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:3116
                                                                                                • C:\Users\Admin\Downloads\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\Downloads\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:4800
                                                                                                • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:5388
                                                                                              • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3860
                                                                                                • C:\Windows\SysWOW64\attrib.exe
                                                                                                  attrib +h .
                                                                                                  3⤵
                                                                                                  • Views/modifies file attributes
                                                                                                  PID:1596
                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                  icacls . /grant Everyone:F /T /C /Q
                                                                                                  3⤵
                                                                                                  • Modifies file permissions
                                                                                                  PID:1660
                                                                                              • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2676
                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                  icacls . /grant Everyone:F /T /C /Q
                                                                                                  3⤵
                                                                                                  • Modifies file permissions
                                                                                                  PID:3564
                                                                                                • C:\Windows\SysWOW64\attrib.exe
                                                                                                  attrib +h .
                                                                                                  3⤵
                                                                                                  • Views/modifies file attributes
                                                                                                  PID:3008
                                                                                              • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3516
                                                                                                • C:\Windows\SysWOW64\attrib.exe
                                                                                                  attrib +h .
                                                                                                  3⤵
                                                                                                  • Views/modifies file attributes
                                                                                                  PID:528
                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                  icacls . /grant Everyone:F /T /C /Q
                                                                                                  3⤵
                                                                                                  • Modifies file permissions
                                                                                                  PID:5544
                                                                                              • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1244
                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                  icacls . /grant Everyone:F /T /C /Q
                                                                                                  3⤵
                                                                                                  • Modifies file permissions
                                                                                                  PID:1796
                                                                                                • C:\Windows\SysWOW64\attrib.exe
                                                                                                  attrib +h .
                                                                                                  3⤵
                                                                                                  • Views/modifies file attributes
                                                                                                  PID:4860
                                                                                              • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:3440
                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                  icacls . /grant Everyone:F /T /C /Q
                                                                                                  3⤵
                                                                                                  • Modifies file permissions
                                                                                                  PID:5932
                                                                                                • C:\Windows\SysWOW64\attrib.exe
                                                                                                  attrib +h .
                                                                                                  3⤵
                                                                                                  • Views/modifies file attributes
                                                                                                  PID:5656
                                                                                              • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:2988
                                                                                                • C:\Windows\SysWOW64\attrib.exe
                                                                                                  attrib +h .
                                                                                                  3⤵
                                                                                                  • Views/modifies file attributes
                                                                                                  PID:208
                                                                                                • C:\Windows\SysWOW64\icacls.exe
                                                                                                  icacls . /grant Everyone:F /T /C /Q
                                                                                                  3⤵
                                                                                                  • Modifies file permissions
                                                                                                  PID:5544
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffdc9146f8,0x7fffdc914708,0x7fffdc914718
                                                                                              1⤵
                                                                                                PID:1416
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:1040
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:4912
                                                                                                  • C:\Windows\system32\AUDIODG.EXE
                                                                                                    C:\Windows\system32\AUDIODG.EXE 0x2ec 0x470
                                                                                                    1⤵
                                                                                                      PID:2448
                                                                                                    • C:\Windows\system32\msiexec.exe
                                                                                                      C:\Windows\system32\msiexec.exe /V
                                                                                                      1⤵
                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                      PID:5816
                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                      1⤵
                                                                                                        PID:4756
                                                                                                      • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                        "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                        1⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:1784
                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                          attrib +h .
                                                                                                          2⤵
                                                                                                          • Views/modifies file attributes
                                                                                                          PID:3008
                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                          icacls . /grant Everyone:F /T /C /Q
                                                                                                          2⤵
                                                                                                          • Modifies file permissions
                                                                                                          PID:1468
                                                                                                      • C:\Users\Admin\Downloads\WannaCry.EXE
                                                                                                        "C:\Users\Admin\Downloads\WannaCry.EXE"
                                                                                                        1⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:2708
                                                                                                        • C:\Windows\SysWOW64\icacls.exe
                                                                                                          icacls . /grant Everyone:F /T /C /Q
                                                                                                          2⤵
                                                                                                          • Modifies file permissions
                                                                                                          PID:4140
                                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                                          attrib +h .
                                                                                                          2⤵
                                                                                                          • Views/modifies file attributes
                                                                                                          PID:5420
                                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                                        C:\Windows\system32\vssvc.exe
                                                                                                        1⤵
                                                                                                          PID:5300
                                                                                                        • C:\Windows\SysWOW64\werfault.exe
                                                                                                          werfault.exe /h /shared Global\6531096ae8fe4d558352876316edf1a1 /t 3676 /p 4884
                                                                                                          1⤵
                                                                                                            PID:5324

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Reconnaissance

                                                                                                          Resource Development

                                                                                                          Initial Access

                                                                                                          Execution

                                                                                                          Persistence

                                                                                                          Boot or Logon Autostart Execution

                                                                                                          1
                                                                                                          T1547

                                                                                                          Registry Run Keys / Startup Folder

                                                                                                          1
                                                                                                          T1547.001

                                                                                                          Privilege Escalation

                                                                                                          Boot or Logon Autostart Execution

                                                                                                          1
                                                                                                          T1547

                                                                                                          Registry Run Keys / Startup Folder

                                                                                                          1
                                                                                                          T1547.001

                                                                                                          Defense Evasion

                                                                                                          File and Directory Permissions Modification

                                                                                                          1
                                                                                                          T1222

                                                                                                          Hide Artifacts

                                                                                                          1
                                                                                                          T1564

                                                                                                          Hidden Files and Directories

                                                                                                          1
                                                                                                          T1564.001

                                                                                                          Indicator Removal

                                                                                                          1
                                                                                                          T1070

                                                                                                          File Deletion

                                                                                                          1
                                                                                                          T1070.004

                                                                                                          Modify Registry

                                                                                                          3
                                                                                                          T1112

                                                                                                          Credential Access

                                                                                                          Unsecured Credentials

                                                                                                          1
                                                                                                          T1552

                                                                                                          Credentials In Files

                                                                                                          1
                                                                                                          T1552.001

                                                                                                          Discovery

                                                                                                          Peripheral Device Discovery

                                                                                                          1
                                                                                                          T1120

                                                                                                          Query Registry

                                                                                                          4
                                                                                                          T1012

                                                                                                          System Information Discovery

                                                                                                          4
                                                                                                          T1082

                                                                                                          Lateral Movement

                                                                                                          Collection

                                                                                                          Data from Local System

                                                                                                          1
                                                                                                          T1005

                                                                                                          Command and Control

                                                                                                          Web Service

                                                                                                          1
                                                                                                          T1102

                                                                                                          Exfiltration

                                                                                                          Impact

                                                                                                          Defacement

                                                                                                          1
                                                                                                          T1491

                                                                                                          Inhibit System Recovery

                                                                                                          1
                                                                                                          T1490

                                                                                                          Replay Monitor

                                                                                                          Loading Replay Monitor...

                                                                                                          Downloads

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0
                                                                                                            Filesize

                                                                                                            471B

                                                                                                            MD5

                                                                                                            32573888d1bd64aab12864511eb78780

                                                                                                            SHA1

                                                                                                            7b0101a0344cbff6edd2d2f78f25fdd6d53c62f4

                                                                                                            SHA256

                                                                                                            d7f8532b864ef3d595e14a86c8a8b04cb7a8df6cccc64bac6d12318783e5742a

                                                                                                            SHA512

                                                                                                            684986ad5a8448b59f3a5a96eedf664b726a776ef63ab13169c2a438597fe1155fb51a03d7af4bbbc40f011a5100dbeffb4d4436d67b02469ba202a32a735fc3

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
                                                                                                            Filesize

                                                                                                            471B

                                                                                                            MD5

                                                                                                            d715e3cb0ff8ee3f7cb8ef959ce91e76

                                                                                                            SHA1

                                                                                                            bc2e324f0f348fc192324ec4c05488e22d6b0ede

                                                                                                            SHA256

                                                                                                            5b7d35ea8b0a1779cdff1575089f06fe51b85bb1b6df747bdedff5084c95f235

                                                                                                            SHA512

                                                                                                            24388c2f19da0d97dd5c777d2471c423d809897424ff4bb2a8292a0833d3943f88a6929c917067d7f870599aebcb6520ae1e2a10772a575c642971ffe63c99fa

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0
                                                                                                            Filesize

                                                                                                            404B

                                                                                                            MD5

                                                                                                            c77205d0b05c6f483cad8bc6fece0f39

                                                                                                            SHA1

                                                                                                            29b5540505c5ba6d419aa587c647521e3dda1c47

                                                                                                            SHA256

                                                                                                            d7d1049232ca3d0f957af89e6403d93f9d95f39d2249e299bb7bdf1c961647ce

                                                                                                            SHA512

                                                                                                            83259cbbffe163635a50968395cb692a7a370e1b092e543a4e4b48dc6f988059f19d52eb6af031d075eb35dcfbf76e55c5319dfff254286a500c733907f6ab3b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
                                                                                                            Filesize

                                                                                                            412B

                                                                                                            MD5

                                                                                                            fa75e3cd1a22f35120d843b22a48ae84

                                                                                                            SHA1

                                                                                                            c770639f704f6fa69d1ad25f2516f94293c696eb

                                                                                                            SHA256

                                                                                                            c60220afc71ea6353ee72da2c6013c294a4d321a86559aaafd3e913995ac9be1

                                                                                                            SHA512

                                                                                                            59e85e6ef9effd4035c45f98736c2e380782ca4279059134c3a3be92a72ccea6ce4f4b527e5bffa00b0b1568b6471e1d030f502c328f0c5e56f831bba340a3ef

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                            Filesize

                                                                                                            152B

                                                                                                            MD5

                                                                                                            360dd5debf8bf7b89c4d88d29e38446c

                                                                                                            SHA1

                                                                                                            65afff8c78aeb12c577a523cb77cd58d401b0f82

                                                                                                            SHA256

                                                                                                            3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

                                                                                                            SHA512

                                                                                                            0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                            Filesize

                                                                                                            152B

                                                                                                            MD5

                                                                                                            6fbbaffc5a50295d007ab405b0885ab5

                                                                                                            SHA1

                                                                                                            518e87df81db1dded184c3e4e3f129cca15baba1

                                                                                                            SHA256

                                                                                                            b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

                                                                                                            SHA512

                                                                                                            011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                            Filesize

                                                                                                            65KB

                                                                                                            MD5

                                                                                                            56d57bc655526551f217536f19195495

                                                                                                            SHA1

                                                                                                            28b430886d1220855a805d78dc5d6414aeee6995

                                                                                                            SHA256

                                                                                                            f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                                            SHA512

                                                                                                            7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                            Filesize

                                                                                                            84KB

                                                                                                            MD5

                                                                                                            74e33b4b54f4d1f3da06ab47c5936a13

                                                                                                            SHA1

                                                                                                            6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

                                                                                                            SHA256

                                                                                                            535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

                                                                                                            SHA512

                                                                                                            79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                            Filesize

                                                                                                            1.1MB

                                                                                                            MD5

                                                                                                            d8106993c2e1ea8402b6d383159bf400

                                                                                                            SHA1

                                                                                                            afec2f70dddee7abc9a6241b923467a79a024a8e

                                                                                                            SHA256

                                                                                                            24dde830c99b2763bc674354c8bd4523150805784f1e78dc89795cc7408449f5

                                                                                                            SHA512

                                                                                                            b0ac8fc42766cb05695782780e6b71b6c3a39327c2038ba75f18975b6bdb969fdbca51d74ca116bd048042650888193e8c7e238ce5789d4b115145073da4c75b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                                                            Filesize

                                                                                                            69KB

                                                                                                            MD5

                                                                                                            a127a49f49671771565e01d883a5e4fa

                                                                                                            SHA1

                                                                                                            09ec098e238b34c09406628c6bee1b81472fc003

                                                                                                            SHA256

                                                                                                            3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

                                                                                                            SHA512

                                                                                                            61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                                            Filesize

                                                                                                            19KB

                                                                                                            MD5

                                                                                                            2e86a72f4e82614cd4842950d2e0a716

                                                                                                            SHA1

                                                                                                            d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                            SHA256

                                                                                                            c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                            SHA512

                                                                                                            7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
                                                                                                            Filesize

                                                                                                            28KB

                                                                                                            MD5

                                                                                                            cf1fc92e741ef491313e37a95ab31a2c

                                                                                                            SHA1

                                                                                                            635d8d42d73d45093a45549b0d2d194e1ea4141b

                                                                                                            SHA256

                                                                                                            a4b8fdbcd3b9c985cf861908d9b650a0d323e0f14d24e284fa68fac8146dc3e9

                                                                                                            SHA512

                                                                                                            7bab48d7fba6d2a211700761ad4cc958a64f57c7e3b5cf8973afa27fa6409c3604dabb0b61c0a1a5c84200ea3106cb3cdad088e32a517c5c74093f23c2be889a

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                                            Filesize

                                                                                                            62KB

                                                                                                            MD5

                                                                                                            c3c0eb5e044497577bec91b5970f6d30

                                                                                                            SHA1

                                                                                                            d833f81cf21f68d43ba64a6c28892945adc317a6

                                                                                                            SHA256

                                                                                                            eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

                                                                                                            SHA512

                                                                                                            83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
                                                                                                            Filesize

                                                                                                            31KB

                                                                                                            MD5

                                                                                                            13cfa53cd77baa3cd8f46b2649ce0a06

                                                                                                            SHA1

                                                                                                            dbdbfe23ab336a3a5ca28bfca16197624b85955f

                                                                                                            SHA256

                                                                                                            a2306ee57d806468b732988af50f9c991e0b8d005283339b8c24130a455df109

                                                                                                            SHA512

                                                                                                            80a07ac13f9b730b90bd81565fd611be03eab85c407819f800772f136ed4b35eb2bb1c56841b2b3ba63236c91d98137138e0f149214216d5af84beaef0f42ad1

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
                                                                                                            Filesize

                                                                                                            61KB

                                                                                                            MD5

                                                                                                            1971e737391eabf87667012e84069a5a

                                                                                                            SHA1

                                                                                                            8fd29644afc6da70873c25f9bf9d1c495c759843

                                                                                                            SHA256

                                                                                                            c9aab23276584648e971c3745fca3bed6d9e4c7e373bf3dc7ad316f2aef42fd3

                                                                                                            SHA512

                                                                                                            23062a1d410b69532d3bf97ec7d1fa3c27e974613326fe3a3d80f909d595bda78f2ba366bcd612e494ecee1af1493264d0044a26fae604466e5437a25da6280b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
                                                                                                            Filesize

                                                                                                            19KB

                                                                                                            MD5

                                                                                                            2cf9df4d427447dd00b9566db8465de6

                                                                                                            SHA1

                                                                                                            8087616509700002b3364e20c748888ab581b42e

                                                                                                            SHA256

                                                                                                            8008577b4c52cbdb4883d39192b6dbef37e006851cb0415c4752dae24b985783

                                                                                                            SHA512

                                                                                                            ea36bafecde55be1ffa649f4f873e2267f2a7633d9fbf9c43bc6ed1d7076761e167ca4944ddff9f26630f15266fb26237288dfeefcf2b1d6f59eabedff9c89f2

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
                                                                                                            Filesize

                                                                                                            33KB

                                                                                                            MD5

                                                                                                            c15d33a9508923be839d315a999ab9c7

                                                                                                            SHA1

                                                                                                            d17f6e786a1464e13d4ec8e842f4eb121b103842

                                                                                                            SHA256

                                                                                                            65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

                                                                                                            SHA512

                                                                                                            959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            4130c1a70af92d757d53bd8abe4af547

                                                                                                            SHA1

                                                                                                            92dce410b5d93a4270e3c69c03f07be7e500cf11

                                                                                                            SHA256

                                                                                                            1df821dd4e5f7e6720d7328fe3fe439113dcee070ac4ee14c62f8da3c525f744

                                                                                                            SHA512

                                                                                                            ca36aad880cf31b4b8eb596e1da8903a2648945877fc98331db6347ee077d47ece5cdd762882d489e0161ab58eda90cd93ef0b905c66c1af7e4e3146005832a0

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                            Filesize

                                                                                                            5KB

                                                                                                            MD5

                                                                                                            4736196033bb19632d59395b9ab57231

                                                                                                            SHA1

                                                                                                            3ac4752ae4a40316c8bdb1944ac8f77419f774eb

                                                                                                            SHA256

                                                                                                            c448eb29781310191baf96ef46d5f3d4cfe174ad6f5eeb26cfa2ef8137214030

                                                                                                            SHA512

                                                                                                            386c56f23bbc1c622b4e085e5532d285a8fe66f957e4478770d161c33325f28c71e078a3c96137921763a49edbeecb7079913e653abbb462cc80cad225621419

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                            Filesize

                                                                                                            624B

                                                                                                            MD5

                                                                                                            dff464e51501d8d108f9eb22be213942

                                                                                                            SHA1

                                                                                                            64891cee3b445de4404bad6a44a00bb43af4e3ff

                                                                                                            SHA256

                                                                                                            84ede22333832255980cb53b2c25d21d4486e9be0db30bcf564dc78df2fd77a8

                                                                                                            SHA512

                                                                                                            470585b42d4447b54a1c2f01ae47d2b3bffdac876186e1472b994c938301a0ab0d55a7d5c6736f6f295b479c95ade81e86d3d824f955c59292d306d338e2be49

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            725ff2d01c44807e1a202b1b9b5898cc

                                                                                                            SHA1

                                                                                                            e5975eee4560c4d21f7b8bdfbffaa2637d95f73a

                                                                                                            SHA256

                                                                                                            50ada94f36fba52b4a0f9fb12475cfdbbeb2b16319c72623ee8f32e75ce5e335

                                                                                                            SHA512

                                                                                                            f137142025f302edd7bd668c9328b4db22827b33341f05748e8849ff33a8b3abbf7b9fd8d92a240f36d134c0aa825eeb20e1414908bb9322e8094d01e0a735af

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                            Filesize

                                                                                                            5KB

                                                                                                            MD5

                                                                                                            9e20182ff3974f629ac67551854bcdc0

                                                                                                            SHA1

                                                                                                            9fad0e2c9523949b355db1f49c306773e83f5226

                                                                                                            SHA256

                                                                                                            1333b33248381309b32be7b8beb0053142b4dc7d774e8bc64c18c2da9e48e23d

                                                                                                            SHA512

                                                                                                            40eb6e9be3750c08049b319a8ed46529fd348d00321994373b8caf6fb73f6b48f1d239833a811316a9c1b025b3bd4aa96a7b07b24795f7e28a731ed8a91a7b54

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                            Filesize

                                                                                                            474B

                                                                                                            MD5

                                                                                                            d2f56366353567cdfbb09b0e84e57f53

                                                                                                            SHA1

                                                                                                            9431a3f542f2cac7aa72e1f01ddc6e3a151f8ca6

                                                                                                            SHA256

                                                                                                            7d26dc650c21175820baf624a1e237dd75b520de12c7fe5daf9f190b5f4ad991

                                                                                                            SHA512

                                                                                                            fe3aca3bd79ad4d7df4e248aa9b0c2b32daa68b94aaa51f318a60bf267c3ebb01d7c9f7a817ac31f85d2b132dc7ac7f5f283431e2d7cf6996cf2975a5595f2f6

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                            Filesize

                                                                                                            5KB

                                                                                                            MD5

                                                                                                            c662b521e3caafb3a08feb7bbb6186c7

                                                                                                            SHA1

                                                                                                            263d7a50e0ce91985ee80a62f8fdcbfada3d74f5

                                                                                                            SHA256

                                                                                                            a198e08095f897fb97035e717d8a7e0e49fe31257e84d62d651c5556c0053d2b

                                                                                                            SHA512

                                                                                                            f267e39fa518f14ef33d6609d84fb4591ab75c7e8090dc244dfebf71e758a88ab8caa27a854dd25c54f945580ad632a3f9806125f10ddafbf9b75e3422cc1ee6

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                            Filesize

                                                                                                            5KB

                                                                                                            MD5

                                                                                                            d9bdd8b44746f4544c510b0008fef020

                                                                                                            SHA1

                                                                                                            f86ce0fe0b4a47d37fc4300f4467402d47943446

                                                                                                            SHA256

                                                                                                            c2812d105457ff3118243efe8d176f755e339cd6a9bea438db802831c482c2ae

                                                                                                            SHA512

                                                                                                            ae8bb04f7dc260655a930f95ae3e2fc74502736ff05952b2bf48ab4980450e5938807c9d5699e7307421990ca01b8fc0ed297eb627e2179bc7dc19a920983d92

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            2d0cc51dfab66b077de130342f46ee8a

                                                                                                            SHA1

                                                                                                            6bc7f5f72edf8fa108aa4a8cdaa38213012027e4

                                                                                                            SHA256

                                                                                                            e051db7a04f0d07f655713e77dba6916c5d315b2d6a43cfa55fc0897b0627639

                                                                                                            SHA512

                                                                                                            5fc1d3d152b6dfa6c31bcaa827aa6d6cb20ea3f8de5b74674de544e93315c5097a230b2141fd64106a23785a4235b6c19eef09d26f64b3ada8d2524f2e1ca486

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            798a79dd8e6b4c7fadd60354adc20a2a

                                                                                                            SHA1

                                                                                                            0213d2046116c4d668f707e3bbbb0333139775a6

                                                                                                            SHA256

                                                                                                            3cd7144f390d1d45c59f426705bffd8f0c0dd430647e372eaf43479e010cebd6

                                                                                                            SHA512

                                                                                                            9b3e94d3b6024e63e789a2c94584609759d5ffba9bf70585a7bdee57b9fccbceb6be192597dc5fd2bb3493e62f0436e5d96ac4a618116e6c8d016ae4ac9f615b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            7KB

                                                                                                            MD5

                                                                                                            f959da9b9c3ea0d8b87a33ddafaea370

                                                                                                            SHA1

                                                                                                            29ae054fb56ab2c1534a2a3cb20a862c33b664a2

                                                                                                            SHA256

                                                                                                            70f09f89084aef1844814c4a4031ec826f1230587c517268c30cde2fd2f780c6

                                                                                                            SHA512

                                                                                                            0af7cfae31b3d9eceecf929fb5e42e0a7477c1a83d33e594e27877012966151da6d4b2865ea5b7c3d6d933c0ed2e69b4b3c24167f3cd07abafede87aecc930bc

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            MD5

                                                                                                            33d7497905b845f2f3ebd75a7517a331

                                                                                                            SHA1

                                                                                                            bce4c80ea98d99f0bd248d4e2d4689a3153ce371

                                                                                                            SHA256

                                                                                                            316da06a89d570f26df071b89200311dc0dc93e22656bce2229b111605b52fd0

                                                                                                            SHA512

                                                                                                            7d0416fd5e37a0300327e9f7b93403910ddb7e39f634203cc5aa4f7bc00a94013a934460ff4b129e27916cb3d87a91215f942cbad51f52d2e5df3959ffbafcb7

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            MD5

                                                                                                            54f9638a58661a5a9ee181e7ae02e2c9

                                                                                                            SHA1

                                                                                                            9c9e365545fd75a4c39600af6a8ec4fd239581f1

                                                                                                            SHA256

                                                                                                            54ff2b90359a59650363f9a06b55e0328eab3ffece657739b23ca78bdaaec73b

                                                                                                            SHA512

                                                                                                            960dc2806c8326a28e040db47924125c8d43e7f483134ebfb650cbc56e2659eae8feb8bfcbd68a8b3171eeb0a64e99812ef6b51faaeadac004f37636c32f79a9

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            9KB

                                                                                                            MD5

                                                                                                            88d63a63b4a3487e3e0e36e64c08af9c

                                                                                                            SHA1

                                                                                                            0266cdc15ca48e4095887372f4911a26e1d056f6

                                                                                                            SHA256

                                                                                                            ea2323a539982f1c4e1389b3b5bbf92002edb4eaeca613546945f432a9f79a02

                                                                                                            SHA512

                                                                                                            ac490f3dc6795faa74101af132c9f56ccf6c634f7c441d1d1d06910ad8452730ddba8203f73aaa79341932a414d7228a6d71ecf8e0829e653658b60a3c907f81

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            6KB

                                                                                                            MD5

                                                                                                            416cc153c43df68ef122455abd4916ea

                                                                                                            SHA1

                                                                                                            d270a7fe4c395bc8f206ea489b9046167c9d0c2a

                                                                                                            SHA256

                                                                                                            d82697ea560d1f221ab6e945649e8a0bfe4a5a7bf8cadb48f2cebc11ea20e8f9

                                                                                                            SHA512

                                                                                                            f4abe718b3662ff0b78455591d82a38a228b2de0181279ccce0a58c004d7a120109b120112f19f03d45e5c5f4e034cc4335b049dda2a5e310483656c37377378

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            9KB

                                                                                                            MD5

                                                                                                            2075cf5475f51c4cad1fd6fd153d512d

                                                                                                            SHA1

                                                                                                            9dee0a822b9909f7c0fcb83c601218a36c708d43

                                                                                                            SHA256

                                                                                                            aca6c1a0361592b27e2e4835a5ff4fad06155ee8345f9bb21bcdc67b6880b7a4

                                                                                                            SHA512

                                                                                                            1f40c1b3d53aa361dc07d216108e3135162b163d3e77450ebaca2d00fba28749d01d340b48d5fb045985059007736cb5840acb6d9afde50f3331119e632405bd

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            10KB

                                                                                                            MD5

                                                                                                            a252fe44f049c32bfc37f5e9e598c84a

                                                                                                            SHA1

                                                                                                            58af28aaf2191be2a734b72015ac8698ce3a62a7

                                                                                                            SHA256

                                                                                                            0241d11b1f8cc6f7c8d680449e97d638b4c0e7b5418162288e5cae7f6137eafe

                                                                                                            SHA512

                                                                                                            9d1ff9cfb532a10e73685ee9e120f74089c56392705971bdd30fe0ee2c576fac0870f8fa76c708022882c24260a2cea2458e869c20957dc5989087fb872e9bc5

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            9KB

                                                                                                            MD5

                                                                                                            5ad6737672cae0af9aacf0022c413516

                                                                                                            SHA1

                                                                                                            3c9db285f80eabb01c3f526b2148aa7ffe68595e

                                                                                                            SHA256

                                                                                                            b7ed24b5f4f9103d9ffb50719ef40997e08677b70b224f208e9f1d1b8a57a12a

                                                                                                            SHA512

                                                                                                            a2144bc3e6d257749663b2c6d50265ec90a82812abce0355da36c8d8df86314c3048e2b5b961bc90252d8ffaa753205826cb4d1f237e41cfa2a4539b97ff1540

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            10KB

                                                                                                            MD5

                                                                                                            8afcbe669cbd0bba9c77dd4c7eef9cbb

                                                                                                            SHA1

                                                                                                            765394aa88d3deaa7c260dd3b78bfb857674f5f3

                                                                                                            SHA256

                                                                                                            34ed70d570a27bb75bab3c0ec629e3ccdbbcb5c3c45ae252cd2926efc4900141

                                                                                                            SHA512

                                                                                                            df8de6875edb50c018b3de1ef66265e3530258a1d188ee2c51466d96071aac921bfe9a8757d952803a12c0d33d96de296df05f9f41b710f2da2f984f25260773

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            536B

                                                                                                            MD5

                                                                                                            eb79a5b0e9a0511967a9cdf995a91326

                                                                                                            SHA1

                                                                                                            ca0c5ec3b8218bbc9b6b04ae885137bba9693cc1

                                                                                                            SHA256

                                                                                                            58eea48ebaa3a1dc215a2620529544f9346c593bb4add32c810241ff471c4e30

                                                                                                            SHA512

                                                                                                            5576c99de320e024482f0b90fadc24ca4565ee5123e744437b67f56cd4ce132cfaa2aefa2b85f5fe2720358b1d6fe821a2c9df56c8297af92edf67b1b64dd9c8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            e103c69ff8fc7a536a3e6c6e42093cae

                                                                                                            SHA1

                                                                                                            bb58d254447a28e3164044d420d1a00440394a90

                                                                                                            SHA256

                                                                                                            c96a466daaa366724ecf8d8c9ff6385ac0c790468e61f4457c027caf90f958ef

                                                                                                            SHA512

                                                                                                            8ffcef05fab28c062228c4e8f3bdddb721e6a27d4dec6bb58b6ffa5c31f6a247e42725f4d5a22a503a59792cbdc193b40ef2365106edf2fca72b50e458cb79b8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            2f58dddc9fe504d6c502bbf9b7916734

                                                                                                            SHA1

                                                                                                            1bcd4a51059452c3f08e5dc4d66ec7e7550bc38e

                                                                                                            SHA256

                                                                                                            d23428ea7ce077e54533cde421296d6044e34225727d28832cd93a8f5d2df367

                                                                                                            SHA512

                                                                                                            dc6b215781a7ea75dba312be530cab5323429e69c03f33f644e07f8b5da67136d37940a21a6b8e25cdc664458bd93c4875a81c27f0ab8db501e25b7a8b2849df

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            1d080b40cb9ba65d97e9a8670e32d434

                                                                                                            SHA1

                                                                                                            9098b61802c1cd8af18ce7959284df5002d89131

                                                                                                            SHA256

                                                                                                            0033c593c9aaeea47fb3da389aabae3e98b74a18c79951a1033f43f9d030d566

                                                                                                            SHA512

                                                                                                            e7080cf0ee1db304e7af46d10b939be80066b81408ce9f9c26aff3e693d1052d6255bd8caa92df209c62374f233d07adc2a2fbbd4059ba1bee276b08dd3f7dd6

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            e1c893cc05f13ef4e3043659be06e3f4

                                                                                                            SHA1

                                                                                                            be30771925295f3a5fc76ecf529765e4c2d219fc

                                                                                                            SHA256

                                                                                                            04e57f80ee7dfbcfb5fe795684d2ed4d1d1e7da86322b9abec65b7c3382fcc2a

                                                                                                            SHA512

                                                                                                            cf82570c0b6add1e19f98d8f6b35b1b78e5c9a3fc3419a1c0b38347c688328961f75dbac6fa1051d01a6392842fdb630924ba0beb6d856415aaeaf7b4974256c

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            536B

                                                                                                            MD5

                                                                                                            b1192678a698ec2e5605edbb098ade0a

                                                                                                            SHA1

                                                                                                            7ce16bc82a81bd207c5b2a0bab6910eda2d64f55

                                                                                                            SHA256

                                                                                                            22b5fc4579b927fb825fdfd2ba5e51c12a886ac0ca149504c3b42ec7e1a58e65

                                                                                                            SHA512

                                                                                                            07362dc424a50dff10b2e330ae835678a99179e16db57e1f1934769f4a2130258c9d0e6e7eeaa44b25e41f68e250a3c85633b53a366505b69264ca6c12c62b66

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            870b2f6b770782258b6e1a290674f70e

                                                                                                            SHA1

                                                                                                            540c283a5be6faac23eee07a59f5630b365c5cc5

                                                                                                            SHA256

                                                                                                            0e2b06fa3303be86ebea09514a07e28a71f540a65f668905285b3ce27fd4184b

                                                                                                            SHA512

                                                                                                            a95e4586bcd775ee959b59a0fa8d522a46215c94e24996707ebc48cfe96b56ee5c35c8f3b45d868d56faccdd01befe5711460681cbb9d5f5dc04c61857c91061

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            93eccbb2f4ca9913a9ce8eb2206e7e95

                                                                                                            SHA1

                                                                                                            7867ad18b355fbfee1d325f99e7a5ad8965592e4

                                                                                                            SHA256

                                                                                                            b12cb92abc8a1c15bf210cb1b785f6498774eb15325711cc6bb282e363c272cd

                                                                                                            SHA512

                                                                                                            85a0e570e312f80e994361ceb86db0f84bd053af6413b6148cbd3a2055a69b125e8f14ae4a212aa46dd05f1426894e8606575a5dcec39d1390b7884c1ab91cc8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            c20fadac0b3db6bfc5ad437dd47acf78

                                                                                                            SHA1

                                                                                                            9d032a07447901aa614adbe26945e9207fd2a423

                                                                                                            SHA256

                                                                                                            f9d86bffab67c68b6b9ed642351c21e18b007609a77f5a8864fd0b803e80d829

                                                                                                            SHA512

                                                                                                            5853cf9d706acad16821b14222b98f14cd100ff15d84482534206733268ccbc453578511d64445ff2959a9c56a9bad25c4fdc856ab08736dc9bc946799dfd2e0

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                            Filesize

                                                                                                            2KB

                                                                                                            MD5

                                                                                                            f43f236642eea33883e7b37f483a6ba0

                                                                                                            SHA1

                                                                                                            b77f2155864db0cfaa993ca4855b319d3a1d7a63

                                                                                                            SHA256

                                                                                                            16c479fe0e8df6646a861a9758acc24ccc9a004befc4ac637a364e3e0a331681

                                                                                                            SHA512

                                                                                                            4f13f8d91551418f63bdd6f02475b6f84fb277d5467bb3029b472aaed7275f44c3b30da0f0886f4b5c1146d1f291f80bbde65c27abcc7ee3c241fee1b1f9d6da

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                            Filesize

                                                                                                            16B

                                                                                                            MD5

                                                                                                            206702161f94c5cd39fadd03f4014d98

                                                                                                            SHA1

                                                                                                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                            SHA256

                                                                                                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                            SHA512

                                                                                                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                            Filesize

                                                                                                            16B

                                                                                                            MD5

                                                                                                            46295cac801e5d4857d09837238a6394

                                                                                                            SHA1

                                                                                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                            SHA256

                                                                                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                            SHA512

                                                                                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            11KB

                                                                                                            MD5

                                                                                                            7225ea3338a1c99d7f143a7116059282

                                                                                                            SHA1

                                                                                                            12e61ff735882571f954257d75f0708f514e8896

                                                                                                            SHA256

                                                                                                            de61bccdcd6db0cc826e92bb7c0f7ecda333262b629a239ea76b4e37f5ead026

                                                                                                            SHA512

                                                                                                            f2b3a3411fc51c0bceb6dd4cb802e0baeed546f7d4c41390e1f11f0ca796a4787bd3b80ed1f749b4893b43a9648fdbdd12449c0d12acb272b262ebef98a79c2a

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            12KB

                                                                                                            MD5

                                                                                                            a614f06d3dee48ac238184cc43f492f7

                                                                                                            SHA1

                                                                                                            73c9c82eb2e850ba687cff1412ce9151e8a6cd63

                                                                                                            SHA256

                                                                                                            6b2eba81c3d49015785d2ce018a85b0b7dcbfacdca617424031c5f1208c029a1

                                                                                                            SHA512

                                                                                                            309dad1b9d33ebfa06f79de9a7c2baa78ef192a14a7f8e829f7295c5e04d44a479d3f9f90ed631e513f1c5cae1bb1d0d44731db9ce9d9728436f911a43586776

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            12KB

                                                                                                            MD5

                                                                                                            4aee6e741ac1fcaa222cb7dccad3a672

                                                                                                            SHA1

                                                                                                            eb4dda45ee81e54534385387ae51c8e7e207cfde

                                                                                                            SHA256

                                                                                                            f6e4ccaeb29c2e70212413204cac1ef0ac45e85248258212bde80107f10308fa

                                                                                                            SHA512

                                                                                                            95672e501335610b7d58b0860ff544a78a0ebaf5aaced223cc9f4baec228efb9f028843f913c829bf66403e0595477a5b3d400e03149043badd3de382c3f3063

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            12KB

                                                                                                            MD5

                                                                                                            318c124188a5536b0f09e5ba04f41398

                                                                                                            SHA1

                                                                                                            3b10e852ca4ab2eeb72e94beb805c17c14a0ab41

                                                                                                            SHA256

                                                                                                            806cf38335171adafc2b47719a715b30dfe8098585c97109360dd111dc0a1684

                                                                                                            SHA512

                                                                                                            04a1f4c859688c113cc99fe2958f2bf43748d35746fac680af6220bfe0b32d4218a9463880d213d7d97ad80fb3a7b9769a43cd0772f382aacebf9875b5357b14

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                            Filesize

                                                                                                            12KB

                                                                                                            MD5

                                                                                                            390d5c2b55610cfc4e77ac18e94cc269

                                                                                                            SHA1

                                                                                                            482b1dff6607cc6a91314b7e3a100ccf5349d50c

                                                                                                            SHA256

                                                                                                            8310ec75fd2575bcb855208bd6c3de1847f242cd986144f824dbb116f6273301

                                                                                                            SHA512

                                                                                                            98d33a8d6178373f1b0f547c21e179ea50f271b8fdb6f7bb44ea6d06b1b26add6c5be8e7d099e79a2bfa766753a2fa346f9ae3261a40324f31cdcece2de80b27

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                                            Filesize

                                                                                                            264KB

                                                                                                            MD5

                                                                                                            ad01f85a1c6988ccf1da4ce4de5ed711

                                                                                                            SHA1

                                                                                                            19ecce8bb3ed5ef89663fddf3b5ad0421b28e50a

                                                                                                            SHA256

                                                                                                            0a81462bdfcbe688a5b9ab47839bd0ecbbb396a59787e3393fad4fcdcc804dc7

                                                                                                            SHA512

                                                                                                            0d8f7be2c31ed1f0613f63dc23eb548f5e496f0347d168d3f8c841136353441fae7b6daaaf6a871a564eae0f225de145cade5746c3fb91c2c5cda7666b36e389

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nsbD22C.tmp\System.dll
                                                                                                            Filesize

                                                                                                            12KB

                                                                                                            MD5

                                                                                                            cff85c549d536f651d4fb8387f1976f2

                                                                                                            SHA1

                                                                                                            d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

                                                                                                            SHA256

                                                                                                            8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

                                                                                                            SHA512

                                                                                                            531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nsbD22C.tmp\inetc.dll
                                                                                                            Filesize

                                                                                                            38KB

                                                                                                            MD5

                                                                                                            a35cdc9cf1d17216c0ab8c5282488ead

                                                                                                            SHA1

                                                                                                            ed8e8091a924343ad8791d85e2733c14839f0d36

                                                                                                            SHA256

                                                                                                            a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

                                                                                                            SHA512

                                                                                                            0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nsbD22C.tmp\nsDialogs.dll
                                                                                                            Filesize

                                                                                                            9KB

                                                                                                            MD5

                                                                                                            6c3f8c94d0727894d706940a8a980543

                                                                                                            SHA1

                                                                                                            0d1bcad901be377f38d579aafc0c41c0ef8dcefd

                                                                                                            SHA256

                                                                                                            56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

                                                                                                            SHA512

                                                                                                            2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nsbD22C.tmp\nsJSON.dll
                                                                                                            Filesize

                                                                                                            23KB

                                                                                                            MD5

                                                                                                            f4d89d9a2a3e2f164aea3e93864905c9

                                                                                                            SHA1

                                                                                                            4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

                                                                                                            SHA256

                                                                                                            64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

                                                                                                            SHA512

                                                                                                            dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\nscD18C.tmp\Math.dll
                                                                                                            Filesize

                                                                                                            67KB

                                                                                                            MD5

                                                                                                            85428cf1f140e5023f4c9d179b704702

                                                                                                            SHA1

                                                                                                            1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

                                                                                                            SHA256

                                                                                                            8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

                                                                                                            SHA512

                                                                                                            dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\0160e2af-f36a-4863-8afc-053bbd4a2e93.tmp
                                                                                                            Filesize

                                                                                                            148KB

                                                                                                            MD5

                                                                                                            728fe78292f104659fea5fc90570cc75

                                                                                                            SHA1

                                                                                                            11b623f76f31ec773b79cdb74869acb08c4052cb

                                                                                                            SHA256

                                                                                                            d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

                                                                                                            SHA512

                                                                                                            91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_2
                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            MD5

                                                                                                            0962291d6d367570bee5454721c17e11

                                                                                                            SHA1

                                                                                                            59d10a893ef321a706a9255176761366115bedcb

                                                                                                            SHA256

                                                                                                            ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                            SHA512

                                                                                                            f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\data_3
                                                                                                            Filesize

                                                                                                            8KB

                                                                                                            MD5

                                                                                                            41876349cb12d6db992f1309f22df3f0

                                                                                                            SHA1

                                                                                                            5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                                            SHA256

                                                                                                            e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                                            SHA512

                                                                                                            e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                            Filesize

                                                                                                            72B

                                                                                                            MD5

                                                                                                            830591676a07ed1a980b645b17700db4

                                                                                                            SHA1

                                                                                                            1eec300c60b8485dd9905d2d4bb907b29029538f

                                                                                                            SHA256

                                                                                                            17c0f5fee2c780600c1316a3567685e437804f4ef82da1c70ebff490c16fe3eb

                                                                                                            SHA512

                                                                                                            cb95770cd9116ebc1844ba30b2899676ae89bb4832622d7da4829e5fdd6d1d4ca283bf1c51d183881469545d39fa3aaf033571cc79572760180f3c1b89c02797

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5be711.TMP
                                                                                                            Filesize

                                                                                                            48B

                                                                                                            MD5

                                                                                                            70642db4e6347d7c6b8356bbe66c4ed5

                                                                                                            SHA1

                                                                                                            a32af75023c08f1c19c48428ef054c008ea12a71

                                                                                                            SHA256

                                                                                                            a314494235789b0509a830b1b41e84d29beea70a08b73964dbfe674dd6d4a5d2

                                                                                                            SHA512

                                                                                                            a6bca4913b550b042cd9da0d96913b9b17da8e94d80b26b49ddf8b1d2b35071aeaf9bc1719abd536818f0648f274b2c7f366ad46c955f279f1676e10a25cd4e2

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Local Storage\leveldb\MANIFEST-000001
                                                                                                            Filesize

                                                                                                            41B

                                                                                                            MD5

                                                                                                            5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                            SHA1

                                                                                                            d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                            SHA256

                                                                                                            f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                            SHA512

                                                                                                            de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            57901ab12edf296491a9d67d8ff2004d

                                                                                                            SHA1

                                                                                                            22076141fb61a37399b04c51d1ae2a0b6dbd129d

                                                                                                            SHA256

                                                                                                            e1abe19d2afff9b4104bf3d3d04355450cc2cdf7a06826445568c6621250e523

                                                                                                            SHA512

                                                                                                            bc9182b2712d7d9900abd0a96f8d610d4e86060ab8aff8171c2f25e15b46acd64e4d4a98292cf89da49e092951cdda5c9cce9ad0d8746ca13c7dda260453fc19

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            d70afc7c116604ebc2a70a814effa445

                                                                                                            SHA1

                                                                                                            0b9679cf08e5f8902c8417d4d066965ffd56daaf

                                                                                                            SHA256

                                                                                                            529143ffa1cb3d86ae361f612c5768e2938b4dbb4508aa2bba7a714f48349661

                                                                                                            SHA512

                                                                                                            7b687b60b26a552a86d8490fbc45698ac0d8979812cccbf53d4aa2d8d32bde71fcecf4bfe5ff119e0c65a71426b923ecbf0ed16cf6431fae99f3201ec4426b50

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            aee480557855bf1331ebf001d95ae05b

                                                                                                            SHA1

                                                                                                            b8aca46ed1714fba275a9048fa4baa79fd1af13f

                                                                                                            SHA256

                                                                                                            90027188a88ad8f2f8fa8b67a2dae835435e14980dde905667ecaa05be62b35f

                                                                                                            SHA512

                                                                                                            5c10634a8c4489a28f3c16e03f42aa333a5ac3744270023cd6034124c9b503cbdd2267a12526b854b8ee614529fe4ea086a7c8d20cd20d771d4b5ecef24abd39

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State
                                                                                                            Filesize

                                                                                                            1KB

                                                                                                            MD5

                                                                                                            b4c37d7860cc9250166a4ce04921669f

                                                                                                            SHA1

                                                                                                            a6e8daa616fb1ba834ddaf17033fb84824066522

                                                                                                            SHA256

                                                                                                            d8ed192a34987ff145b345072bb1d0d3012d39320f97a00ae9bda64787d2b4bd

                                                                                                            SHA512

                                                                                                            4902c968f5d8275f589bec66b68ed7f9e4b9f0b0b062d841cc0335b39c0a9dedc1ea5371c89f5fee1df168738aa42aad8a9fff09afe0db503e27b2f253f9354d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5c9a82.TMP
                                                                                                            Filesize

                                                                                                            59B

                                                                                                            MD5

                                                                                                            2800881c775077e1c4b6e06bf4676de4

                                                                                                            SHA1

                                                                                                            2873631068c8b3b9495638c865915be822442c8b

                                                                                                            SHA256

                                                                                                            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                            SHA512

                                                                                                            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity
                                                                                                            Filesize

                                                                                                            690B

                                                                                                            MD5

                                                                                                            231433f856987183f7572a4f30ee3c35

                                                                                                            SHA1

                                                                                                            f1f3077de59bff2696336255d8b6678df272c1c7

                                                                                                            SHA256

                                                                                                            72c6455c5952df908a0c370e6b97c105467e76afe8b385b6665a691abb9ca875

                                                                                                            SHA512

                                                                                                            a5d6f8a985c74068d006f27d6e6034120f68a1810e1c0aac0b553cf94057e9e814a8dc54d1a33af6ac8178462940289b87db9c1ddf6d8b109c464bdb5a5c3169

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity
                                                                                                            Filesize

                                                                                                            690B

                                                                                                            MD5

                                                                                                            4eb9193c429e1a495161c5cbe4cd4a75

                                                                                                            SHA1

                                                                                                            00ae9ee3293ed0653f415acc17658bbd725eeef9

                                                                                                            SHA256

                                                                                                            d58275a684cff255472bcccfc660f87a32098d74bea236b4e744f3eb2d5bce61

                                                                                                            SHA512

                                                                                                            f62349325ef783a2ef371c9ea04eb7d23d63f340dc8163555cdaa6a6e1dc459c91deea763be46ffca672f4ef370d87e17815e7d0c8fa2ce46c4e49b4f5cb555f

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity
                                                                                                            Filesize

                                                                                                            690B

                                                                                                            MD5

                                                                                                            26ffe7120da585e1cc6f8472d6fb2a41

                                                                                                            SHA1

                                                                                                            1f0f20fc05bae1352a8b585556dc79cdaba2b9dd

                                                                                                            SHA256

                                                                                                            3f3980cef9b0bc23411821fb5016f707f3be8ac50e33283824831f48fca5d66d

                                                                                                            SHA512

                                                                                                            c8602647029f3ac588e989e0bfb192fa0b43e3eb288a35bb4cde90136939fc30a728dbf0dcf1b694ab6b13f37ef1037c4d0872ac095814435d438adf6c06e0a0

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity
                                                                                                            Filesize

                                                                                                            690B

                                                                                                            MD5

                                                                                                            831190a4dbbca0ed3d3fdb034888d513

                                                                                                            SHA1

                                                                                                            807c46b69e7860f51cc7fc390dbdb3c08cb9f9c0

                                                                                                            SHA256

                                                                                                            e52efa4075f1e23e59323b7bad358d3140ceac382d2b38c3f22d745ce666ed79

                                                                                                            SHA512

                                                                                                            a6c243648273ef7df00078300c6d2606f5e28657cb88ad7528b37eee770dd6b5425a81e4618563a1f5c5023dc20febcc2bd9514633126f3a1f7eac466c0cab5b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity
                                                                                                            Filesize

                                                                                                            690B

                                                                                                            MD5

                                                                                                            3519225f196d824ec51b6e5cb5f8e98f

                                                                                                            SHA1

                                                                                                            4917a0f74f00a6d4bdce6397df34bbfe479c2259

                                                                                                            SHA256

                                                                                                            4082642e8a4fa50d421e26817db8122e7f4d5cd5083873d00b9c1fab30ee0324

                                                                                                            SHA512

                                                                                                            9e2c324b00d22728d32658d7f2c102e984156563a397dfe9e09a704b50b939572a3421b52848f2aebc3fc4c76f591984213035b334e648f35717e876ae81d6b6

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5bf53a.TMP
                                                                                                            Filesize

                                                                                                            523B

                                                                                                            MD5

                                                                                                            8cde287b575c992b9c9b4c3a4ebc8495

                                                                                                            SHA1

                                                                                                            5dfd5ffb4166d7f9aa6b0e2e4f896605bc4d5f5c

                                                                                                            SHA256

                                                                                                            1acc8410df6961b8f79f0de459a44acb3fa74636a53628c2665a6426ceb10f66

                                                                                                            SHA512

                                                                                                            dfec6b2e40ed5f3ef32cb87427a69d1b91b2d28b4d646a7d2b3ea75e62abcfdb12f705abe1459106f965c4105c23567a3afb2ebff8f6e341f7522f532894419b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            437b7ce581e3eb5d47bbffb5dd4d5874

                                                                                                            SHA1

                                                                                                            eb8e04db27b8f106101bf6f3ce5c1a78b76f0ac8

                                                                                                            SHA256

                                                                                                            0217d25b42bb9535e34c841a91045eecd7b21035ac5436ed3e7b0823e97e2dc9

                                                                                                            SHA512

                                                                                                            35ad7124c14e4f3c4ba2407e5ba2f0ffc71bebb1fbd53817a3c1698b0c9eda2409a334a10183b321fde4b589598b20a6954217beafad7b15023acb06115d44a0

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            MD5

                                                                                                            fd6446663e1065c0fe388af3e935585e

                                                                                                            SHA1

                                                                                                            8dff8610959055584c0ebc68610a78069b8c6305

                                                                                                            SHA256

                                                                                                            864d3d51432fcf60ea3ab10e8daab6e36be8b4ba74265ec4f6f5c3b23cf74600

                                                                                                            SHA512

                                                                                                            955fd4e2ddbea8a252c5746b139cebd77a7b83b2da99a0eb5b6d224fd9307f97834387b0823e9506f88b1fde7489fcffc590a4d749d8258f9982d873bec104cf

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences
                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            MD5

                                                                                                            c2c1b5a2df75bed8d41ff00a5d3cd738

                                                                                                            SHA1

                                                                                                            07543553eb939c9e7754df1cadc1e33828426a6b

                                                                                                            SHA256

                                                                                                            b2d80baff8bde0d1395f96354d851e6e41c26d0914816f632f6afdb577e13405

                                                                                                            SHA512

                                                                                                            2b2de841acfde4785b1bd96e5a0492d6f33f1aaaae304d5bc2e1c86ab941dbab4234b336b94b5307d12599f9dfbf078fb634846bb458d731468377e579b09d74

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe5bd907.TMP
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            d8acf8116a85b7537b457ba9b94af1c2

                                                                                                            SHA1

                                                                                                            a5e049522dcf90fe53e132715571f949d49a9cb3

                                                                                                            SHA256

                                                                                                            76c8f5da27b268f091335d20d0dba3b34bfe8f8c519d7d8a8a25fe848fe2a463

                                                                                                            SHA512

                                                                                                            560e62c9caffdcbbf30ca1513a1f943ca9a393f11875e22110a6f606d0509dd3f78be05e7eb3f0494ba29237840aba6d41f6be81b6c4f71a92439400843b6f9e

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5
                                                                                                            Filesize

                                                                                                            16B

                                                                                                            MD5

                                                                                                            d5e6121f86812cc7ae58efc4f9ceacbb

                                                                                                            SHA1

                                                                                                            3dfb06418220ed62ab46b473bc4ab269ff4f7e33

                                                                                                            SHA256

                                                                                                            05f173bbb3d564e2da3d496c4298b69c3506771a30238eb5285f1cd9df00e3c0

                                                                                                            SHA512

                                                                                                            88c5c1b06ddcac46d53e1cad013fec4fb789f97589f294a076be3cc7ac1c10ed9ea0a1c3a11f9f9499efe01420917ca14348be74dc2cd1c8cdb4313783123740

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            ff7658eb1809c73a39fad5fe5eba6c54

                                                                                                            SHA1

                                                                                                            60abcaf15da1b5741beeb4cb344628c9648f7ba8

                                                                                                            SHA256

                                                                                                            6b19ab65614b30197309ea89ec8d1083a907e392caf6c07b7a42e97a5d4c951c

                                                                                                            SHA512

                                                                                                            3eaa86ae8e122a7da0d0156b7f9409ffb0aaf3982fcb22c428a2b3b4821c5da3a5804a154559d49c1610121995617f583afa2c3f992db47a96e5f7348f97363b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5ba082.TMP
                                                                                                            Filesize

                                                                                                            916B

                                                                                                            MD5

                                                                                                            17d097362bb2a0c2d34665ac0b6fa781

                                                                                                            SHA1

                                                                                                            6a760b19968aeaf7efe0934ebe68d68e69aeb8f9

                                                                                                            SHA256

                                                                                                            79dc6f42f2704ac443a1171fab8ccb6f7a2a53d49a0a960ccd2e91e709956f2a

                                                                                                            SHA512

                                                                                                            cb8c16dc8c54ae00c83bfc661faf441c9a7f5ea825d3a9dfd25b7e473000962d0d168a5c23c20daddd02aa567c99ef6b789f14b4ba37c4dff700229bfc8c9d86

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                            Filesize

                                                                                                            10KB

                                                                                                            MD5

                                                                                                            df33504ff9ee92ea30bc09ff2e83b8a9

                                                                                                            SHA1

                                                                                                            769364650e7390cb28de896270ab9f6f1a12b65b

                                                                                                            SHA256

                                                                                                            9bbb36719381122d4ba287a5aced2fa8f671d0521225daf3e6a77fbc8d2187f5

                                                                                                            SHA512

                                                                                                            6d3266cb333a93c3bbf4ac2d5c8f1683525efeb5a8161257ec30d9c5facddeba655e8026eed7aedd1f28298703926cd53ed1486c8d6604aa8bf0e5524706d076

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                            Filesize

                                                                                                            10KB

                                                                                                            MD5

                                                                                                            f108ec4bf587bef7632acadfbfaa52ac

                                                                                                            SHA1

                                                                                                            eb6c3ba77ea32141d781aebe79bc4da4fc70a9be

                                                                                                            SHA256

                                                                                                            f2a25c23dca8a7d03079ceb77cf6a8cc8f3ef34f2ad76dd90ea5123801276771

                                                                                                            SHA512

                                                                                                            8fd0bc8b56a1e8d4a5cbdafbfcaca441dffb7b32f72391d6dc11604de0acda60fc06733c6290cff535290ca105927a77ac3ab2efd797c3c87b43164b978b520c

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
                                                                                                            Filesize

                                                                                                            4.2MB

                                                                                                            MD5

                                                                                                            4afa9c2ea6fa6a541e35d242920af6c8

                                                                                                            SHA1

                                                                                                            39456a1ff8908cceab93310b00790a2aa43ff9c3

                                                                                                            SHA256

                                                                                                            0a643a9336039f3ce8d3044b23ecb97a467293401401044d807ab2f719efdc46

                                                                                                            SHA512

                                                                                                            2b43c308e1cf6104d29a86e53e99485a02849c9ede33c1a24931260c18ba9c5fdbe8541094cf823af536397bc4b941dd1f29dc6cb01df62544bb762357230d9d

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\@[email protected]
                                                                                                            Filesize

                                                                                                            933B

                                                                                                            MD5

                                                                                                            7a2726bb6e6a79fb1d092b7f2b688af0

                                                                                                            SHA1

                                                                                                            b3effadce8b76aee8cd6ce2eccbb8701797468a2

                                                                                                            SHA256

                                                                                                            840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

                                                                                                            SHA512

                                                                                                            4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\@[email protected]
                                                                                                            Filesize

                                                                                                            240KB

                                                                                                            MD5

                                                                                                            7bf2b57f2a205768755c07f238fb32cc

                                                                                                            SHA1

                                                                                                            45356a9dd616ed7161a3b9192e2f318d0ab5ad10

                                                                                                            SHA256

                                                                                                            b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

                                                                                                            SHA512

                                                                                                            91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Sin confirmar 130679.crdownload
                                                                                                            Filesize

                                                                                                            3.4MB

                                                                                                            MD5

                                                                                                            84c82835a5d21bbcf75a61706d8ab549

                                                                                                            SHA1

                                                                                                            5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                            SHA256

                                                                                                            ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                            SHA512

                                                                                                            90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\Sin confirmar 881821.crdownload
                                                                                                            Filesize

                                                                                                            176KB

                                                                                                            MD5

                                                                                                            f559aa92c9ad8db9da79ce6fdae11c36

                                                                                                            SHA1

                                                                                                            578f75c39faab60111d438128fc5d7b23b8b3312

                                                                                                            SHA256

                                                                                                            f637388a62c79489e9dd20f2ca300ef1ed8edcb797f3b51d9e62a53ca8929771

                                                                                                            SHA512

                                                                                                            b0e76290a469166a89e20b8b9b47d38b1b8650c7ce051f5b3eb49cd7190162a5e5ccf149b6761b94eb94adf4da7791fb99b3a3cc0afd459568590954353606ac

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
                                                                                                            Filesize

                                                                                                            3.0MB

                                                                                                            MD5

                                                                                                            fe7eb54691ad6e6af77f8a9a0b6de26d

                                                                                                            SHA1

                                                                                                            53912d33bec3375153b7e4e68b78d66dab62671a

                                                                                                            SHA256

                                                                                                            e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

                                                                                                            SHA512

                                                                                                            8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\b.wnry
                                                                                                            Filesize

                                                                                                            192KB

                                                                                                            MD5

                                                                                                            5e3047cc8d5dfb9fe96d5e6d379dd05b

                                                                                                            SHA1

                                                                                                            6ab5533c2952968e20b5c3f4f62051976ed22bd3

                                                                                                            SHA256

                                                                                                            52dea631c1f41e4fda392d866e78b204179f8d4c5054b0e972ffa4b6d6cce619

                                                                                                            SHA512

                                                                                                            62abff5e6f4fa4076da4fe69fa78bf242b9ffd317bb2a61ae07f187f05520251f2ab9e7a14f8ba8504ae45700f8c9ee0a6ccc055061a33a3285d6ae8d44659e4

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\c.wnry
                                                                                                            Filesize

                                                                                                            780B

                                                                                                            MD5

                                                                                                            8124a611153cd3aceb85a7ac58eaa25d

                                                                                                            SHA1

                                                                                                            c1d5cd8774261d810dca9b6a8e478d01cd4995d6

                                                                                                            SHA256

                                                                                                            0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

                                                                                                            SHA512

                                                                                                            b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry
                                                                                                            Filesize

                                                                                                            53KB

                                                                                                            MD5

                                                                                                            0252d45ca21c8e43c9742285c48e91ad

                                                                                                            SHA1

                                                                                                            5c14551d2736eef3a1c1970cc492206e531703c1

                                                                                                            SHA256

                                                                                                            845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

                                                                                                            SHA512

                                                                                                            1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry
                                                                                                            Filesize

                                                                                                            77KB

                                                                                                            MD5

                                                                                                            2efc3690d67cd073a9406a25005f7cea

                                                                                                            SHA1

                                                                                                            52c07f98870eabace6ec370b7eb562751e8067e9

                                                                                                            SHA256

                                                                                                            5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

                                                                                                            SHA512

                                                                                                            0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\msg\m_czech.wnry
                                                                                                            Filesize

                                                                                                            39KB

                                                                                                            MD5

                                                                                                            537efeecdfa94cc421e58fd82a58ba9e

                                                                                                            SHA1

                                                                                                            3609456e16bc16ba447979f3aa69221290ec17d0

                                                                                                            SHA256

                                                                                                            5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

                                                                                                            SHA512

                                                                                                            e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\msg\m_english.wnry
                                                                                                            Filesize

                                                                                                            36KB

                                                                                                            MD5

                                                                                                            fe68c2dc0d2419b38f44d83f2fcf232e

                                                                                                            SHA1

                                                                                                            6c6e49949957215aa2f3dfb72207d249adf36283

                                                                                                            SHA256

                                                                                                            26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

                                                                                                            SHA512

                                                                                                            941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\msg\m_indonesian.wnry
                                                                                                            Filesize

                                                                                                            36KB

                                                                                                            MD5

                                                                                                            3788f91c694dfc48e12417ce93356b0f

                                                                                                            SHA1

                                                                                                            eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

                                                                                                            SHA256

                                                                                                            23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

                                                                                                            SHA512

                                                                                                            b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\msg\m_japanese.wnry
                                                                                                            Filesize

                                                                                                            79KB

                                                                                                            MD5

                                                                                                            b77e1221f7ecd0b5d696cb66cda1609e

                                                                                                            SHA1

                                                                                                            51eb7a254a33d05edf188ded653005dc82de8a46

                                                                                                            SHA256

                                                                                                            7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

                                                                                                            SHA512

                                                                                                            f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\r.wnry
                                                                                                            Filesize

                                                                                                            864B

                                                                                                            MD5

                                                                                                            3e0020fc529b1c2a061016dd2469ba96

                                                                                                            SHA1

                                                                                                            c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

                                                                                                            SHA256

                                                                                                            402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

                                                                                                            SHA512

                                                                                                            5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\s.wnry
                                                                                                            Filesize

                                                                                                            2.9MB

                                                                                                            MD5

                                                                                                            ad4c9de7c8c40813f200ba1c2fa33083

                                                                                                            SHA1

                                                                                                            d1af27518d455d432b62d73c6a1497d032f6120e

                                                                                                            SHA256

                                                                                                            e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

                                                                                                            SHA512

                                                                                                            115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\t.wnry
                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            MD5

                                                                                                            5dcaac857e695a65f5c3ef1441a73a8f

                                                                                                            SHA1

                                                                                                            7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

                                                                                                            SHA256

                                                                                                            97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

                                                                                                            SHA512

                                                                                                            06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\taskdl.exe
                                                                                                            Filesize

                                                                                                            20KB

                                                                                                            MD5

                                                                                                            4fef5e34143e646dbf9907c4374276f5

                                                                                                            SHA1

                                                                                                            47a9ad4125b6bd7c55e4e7da251e23f089407b8f

                                                                                                            SHA256

                                                                                                            4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

                                                                                                            SHA512

                                                                                                            4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\Downloads\taskse.exe
                                                                                                            Filesize

                                                                                                            20KB

                                                                                                            MD5

                                                                                                            8495400f199ac77853c53b5a3f278f3e

                                                                                                            SHA1

                                                                                                            be5d6279874da315e3080b06083757aad9b32c23

                                                                                                            SHA256

                                                                                                            2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

                                                                                                            SHA512

                                                                                                            0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\StrPIC\Temp\nss5518.tmp
                                                                                                            Filesize

                                                                                                            2.9MB

                                                                                                            MD5

                                                                                                            e2e9e8c6e6bd2dc3cb16d27fbf3b4610

                                                                                                            SHA1

                                                                                                            0ded5fc9530a1515afafae57979bc0fc66b1cf49

                                                                                                            SHA256

                                                                                                            0ab6980002b3b64d734e0d68851742b8baad15e9cb6180179fd69cbbaa218786

                                                                                                            SHA512

                                                                                                            21053abec68911df990746e64a70cc198aff38c75fdb4005890bd64bcc90bc48da29144e4012f0b7e512c957bbc22a9f00873686d6e22c89b9f96e7d59b04063

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\StrPIC\Temp\nss5518.tmp
                                                                                                            Filesize

                                                                                                            2.8MB

                                                                                                            MD5

                                                                                                            a73f706b1dc7ca443603db6f993c6497

                                                                                                            SHA1

                                                                                                            fea43e02f57936ed46db4dc92b64174a8346ee4c

                                                                                                            SHA256

                                                                                                            6a883a6c925fa3c4de7c2a3297485724d948a11ce7a13580a89abfc2f227aadd

                                                                                                            SHA512

                                                                                                            5c9b5d79f68f39cdd4c445378861719323a7fd4bd54ae51966d8d73dcbb2efcc308543b12c5cfd6b501ad3d9fe92551fee490a6340053d3b10bf549b997aa10c

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\StrPIC\Temp\nss5518.tmp
                                                                                                            Filesize

                                                                                                            2.4MB

                                                                                                            MD5

                                                                                                            be7e4b1aa9794d7bc7fe6fcbcba8e911

                                                                                                            SHA1

                                                                                                            23e8bf445965611da96a2b7fe103225afcf63541

                                                                                                            SHA256

                                                                                                            a072e0080c1f18ec31a9c2a8f2ce3be243505451a0230ab03de147b47b884c25

                                                                                                            SHA512

                                                                                                            3fdd575e780198bdd7136637d3118ea3f88ad6752993acec20d169699d21dad004d2fb691cc57492612eb5215576db14e2f10381416325f6704065e7c071dfac

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\StrPIC\Temp\tempPOSTData
                                                                                                            Filesize

                                                                                                            3KB

                                                                                                            MD5

                                                                                                            b51750d6102de45d1f62bf982f298362

                                                                                                            SHA1

                                                                                                            d39fe8c6dcaf08d1e43a8d30b66b2ac4ef81badc

                                                                                                            SHA256

                                                                                                            6c1b44a5309441bf59aeac9027ef7ba777f9ebf4fd1ad18311864a742b832396

                                                                                                            SHA512

                                                                                                            56b7d39721708e9210c4b14c8032b958fa792b7151eb6fdfe804515516d187da9521391ce4bfef0ec84a4840d19b0fec8b9dd2a1b4c63bc63af4fb2d3a22a8d8

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\StrPIC\nwjs\locales\bg.pak.info
                                                                                                            Filesize

                                                                                                            831KB

                                                                                                            MD5

                                                                                                            f2a134d21e79420e0e025b2f5d0e0564

                                                                                                            SHA1

                                                                                                            e4f6ead92945b87c3b980878c707467dc84cd616

                                                                                                            SHA256

                                                                                                            4c125a498bd06dd1cbbe3e4f05dca6fa47ce19297ad9f92df3af65eaf0a05d67

                                                                                                            SHA512

                                                                                                            032e8c44c1edbf6ba3effce1d67e5355e926b5509c8aa3dcf15677efe9fe3a2bf27d81d7d7ffae3a5caae1755830ad016a11f1417dddbf49977bd52083aaee1b

                                                                                                            Download Submit

                                                                                                          • C:\Users\Admin\StrPIC\ui\@[email protected]
                                                                                                            Filesize

                                                                                                            585B

                                                                                                            MD5

                                                                                                            f738bb6fcbe3bbded77bbd6282d6508e

                                                                                                            SHA1

                                                                                                            483bd767db3afde8d4848a7acc76c815371a7d60

                                                                                                            SHA256

                                                                                                            60b295f8eb3b1b3a31310776514c53bab04c89298c95d785edd3e9fd2e7481e7

                                                                                                            SHA512

                                                                                                            54fd91eb801ebea77992e6de03246f99af51499d2be99c817602b8bb47c468b8bf3482c88f8f45a437461dba3c43f8640f4cf06045f8b33250287fde6fd9df23

                                                                                                            Download Submit

                                                                                                          • memory/840-3934-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3932-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3896-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3897-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3922-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3924-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3898-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3929-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3927-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/840-3933-0x00000166A5300000-0x00000166A5301000-memory.dmp

                                                                                                            Filesize

                                                                                                            4KB

                                                                                                            Download

                                                                                                          • memory/1596-3931-0x0000000073B50000-0x0000000073B72000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            Download

                                                                                                          • memory/1596-4010-0x0000000073B80000-0x0000000073C02000-memory.dmp

                                                                                                            Filesize

                                                                                                            520KB

                                                                                                            Download

                                                                                                          • memory/1596-3913-0x0000000073B80000-0x0000000073C02000-memory.dmp

                                                                                                            Filesize

                                                                                                            520KB

                                                                                                            Download

                                                                                                          • memory/1596-3928-0x0000000072800000-0x0000000072877000-memory.dmp

                                                                                                            Filesize

                                                                                                            476KB

                                                                                                            Download

                                                                                                          • memory/1596-3935-0x0000000000570000-0x000000000086E000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.0MB

                                                                                                            Download

                                                                                                          • memory/1596-3916-0x0000000073B80000-0x0000000073C02000-memory.dmp

                                                                                                            Filesize

                                                                                                            520KB

                                                                                                            Download

                                                                                                          • memory/1596-3918-0x0000000072880000-0x0000000072902000-memory.dmp

                                                                                                            Filesize

                                                                                                            520KB

                                                                                                            Download

                                                                                                          • memory/1596-3941-0x00000000725E0000-0x00000000727FC000-memory.dmp

                                                                                                            Filesize

                                                                                                            2.1MB

                                                                                                            Download

                                                                                                          • memory/1596-3946-0x00000000725E0000-0x00000000727FC000-memory.dmp

                                                                                                            Filesize

                                                                                                            2.1MB

                                                                                                            Download

                                                                                                          • memory/1596-3954-0x0000000000570000-0x000000000086E000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.0MB

                                                                                                            Download

                                                                                                          • memory/1596-3925-0x00000000746F0000-0x000000007470C000-memory.dmp

                                                                                                            Filesize

                                                                                                            112KB

                                                                                                            Download

                                                                                                          • memory/1596-3930-0x00000000725E0000-0x00000000727FC000-memory.dmp

                                                                                                            Filesize

                                                                                                            2.1MB

                                                                                                            Download

                                                                                                          • memory/1596-4011-0x00000000725E0000-0x00000000727FC000-memory.dmp

                                                                                                            Filesize

                                                                                                            2.1MB

                                                                                                            Download

                                                                                                          • memory/1596-4012-0x0000000072880000-0x0000000072902000-memory.dmp

                                                                                                            Filesize

                                                                                                            520KB

                                                                                                            Download

                                                                                                          • memory/1596-4013-0x0000000000570000-0x000000000086E000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.0MB

                                                                                                            Download

                                                                                                          • memory/1596-3915-0x00000000725E0000-0x00000000727FC000-memory.dmp

                                                                                                            Filesize

                                                                                                            2.1MB

                                                                                                            Download

                                                                                                          • memory/1596-3914-0x0000000000570000-0x000000000086E000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.0MB

                                                                                                            Download

                                                                                                          • memory/1596-3917-0x0000000072880000-0x0000000072902000-memory.dmp

                                                                                                            Filesize

                                                                                                            520KB

                                                                                                            Download

                                                                                                          • memory/1596-3923-0x0000000073B50000-0x0000000073B72000-memory.dmp

                                                                                                            Filesize

                                                                                                            136KB

                                                                                                            Download

                                                                                                          • memory/1596-3926-0x0000000000570000-0x000000000086E000-memory.dmp

                                                                                                            Filesize

                                                                                                            3.0MB

                                                                                                            Download

                                                                                                          • memory/5032-2022-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                            Filesize

                                                                                                            64KB

                                                                                                            Download