wannacry | hxxps://github[.]com/zR00t1/WannaCry

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 17:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/zR00t1/WannaCry

Score

10^/10

wannacry ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
5976	WannaCry.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = ".\\wallpaper\\WanaDecryptor.bmp"	WannaCry.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 314724.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 641140.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
2216	msedge.exe
2216	msedge.exe
4340	identity_helper.exe
4340	identity_helper.exe
5468	msedge.exe
5468	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5976	WannaCry.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2592	2216	msedge.exe	89
PID 2216 wrote to memory of 2592	2216	msedge.exe	89
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 4184	2216	msedge.exe	90
PID 2216 wrote to memory of 2736	2216	msedge.exe	91
PID 2216 wrote to memory of 2736	2216	msedge.exe	91
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92
PID 2216 wrote to memory of 3264	2216	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/zR00t1/WannaCry
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6f5e46f8,0x7ffa6f5e4708,0x7ffa6f5e4718
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1968 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5468
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16256348470276331437,10429647997080711111,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1848 /prefetch:8
  2⤵
  PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c7d228f8f5e98ffedc94865e4a6ca3cd

SHA1
58b53e8770a83e6cd4de454468f2f9ce1aeea618

SHA256
5691f590cea08b67c3488a4852ce5b4b994d557976d69df1a9b87c1b9b5b16d3

SHA512
8a982ccb2ee6ce879427e44132259caabfd79efb8247dbb9f78a2437f42f7c840b6876a5842a83d5e8123487dadec11d0849762b4759243edc8324924117f0a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
587B

MD5
7da74e1e35fd68a73fa923dc31d19722

SHA1
af54837b29667b94a298839f51f2dc41d4fa2b13

SHA256
bc6ebbf1dacccae3ba995780a11d7c23ea26633c805f8aa5dbd2c83fe9646695

SHA512
17ea66c7bae520f682a7e767ca215d2ca7e40613b6216840152a4d4193fe25c11b441b248d87b8fa342aaf329d1237bca6524f4306816748f1afaf0703be83cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1cd4fe0daa5cd821c3f8801e72108c7

SHA1
068da402ede0275c6fe1a73a595d70e0784df27e

SHA256
c396cc15f9005fb8b39104e2345a781806bade86bda9ffb4cc199264a1627996

SHA512
1b4ab1aa873c1237565aa5efabed20973553cf1ca925583390e2fc1ce8078a8ec6a208d1aaadd1ce81106af15b79b552dd893b081e25bc6c34b38bbe3633c296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db5649bae0fa69bb204dc1377b23c35e

SHA1
bfb1a7816f7559f59543d80df04d7206cd2ce037

SHA256
0084b0da31d0def1e01e1e015cbc8d87db5d280d9199be438acf9c6092c85b3e

SHA512
3a6a36dcba1b5805291ed42fde5b0eebafe567e1be0451968c90e2da66da88ba50945c2ef0c39c44cfaf9d6f9b504c5626a340b0898c91257e0ebc5e10cc1066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9409d101ceb7a9d28df9efa50c318089

SHA1
2062408998ac69476c470313386f8f78946c75d2

SHA256
ae3034a0d0940edee98acdf23051ff705773b3e3c574614646ef1455dce1ac18

SHA512
57150332540d53bc60d703dd782fc81707054e7b7a3a436471cddc29a7e2b2520297f89c27a6717707b06df2edce7825cfd76b9eaaa48261c529d3f64cbd11ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47b24d3c9b40ed6ead573001073baca6

SHA1
1124331895e142ab7aa7bcbe97c16e40db2ff51c

SHA256
4804f128b7f3010be3cb9ceee0075a0704c3e177d69130c57bb8f7e7a4175bcf

SHA512
7ab1e022fe2ab60436cdf53f700014bea8e890b3a59c1d11056a14888a0ad44b814019628246e8b07dbabb1030c0faecda4ba89a50eb9c4b84d76aef886d1130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8cc92d849469e3bbf27a851c784e6d92

SHA1
c30eca1e16bf286c6aec9e678b4b664fbb4b95d5

SHA256
6a184a1c48883a29171e250cacb0b7f487ed39a9f9ffabdd3810156743c71734

SHA512
203c70f49e9bc7e75839a3b574f72b6904d0d9c1773984e5e7832a7760ecb753fee0a281ee1619153d77899af56d77f81b7fc38b9debf5775a8f3020594167bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16b1bf6bb6e31d1afe8d5abc1d44c035

SHA1
3aa94de7ae81f4ac9a706b9ac81b93eb88e0a55b

SHA256
a0cee3094f32c0a712c4e8013801683571aa890d162421151e51e28c19f30d8e

SHA512
da6a41c2253ef9f9d8df9fc94ab3db2f7e282fc29871527433c26a8a515256864f9f09672c56e19e8223e2b2bd26dffe790a331455a5adfafb0a25a7b5554452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c36080cb86ea2da1b9d1a7447182c55b

SHA1
84e849b1771be5857e10956e5ee891197e6f3495

SHA256
dc6cc5854503e2f7dbe238f03e2e4a78494807539defcea90f92d1eebc98e647

SHA512
80c9e9b44f38af28a5c523f38d6d2e8a8da585603110f880bcb94baee537c3e33069436b83d38659e67a522c404898a8b84ca7ae10e2162f053cecf9c00f0753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
963fd4c6d3dab4c99fa3d7da4340f8d6

SHA1
132921fdecdb0cc081fbd67f35857c74342ed7da

SHA256
6f14e96c4267b978f45f423154403a2378075d5a11ef4c421fe1f8951cfaa6fd

SHA512
44f52f6edba7afe23331180134c82a3f21671ad756b8023e5876e593b02609530fbccd20578a24af281343f0e82ce273b3cd3d5d91d42b1db7da60b69ab18e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09b5ba92c314f930a1395bde9c4e54b8

SHA1
cf1ca2721a89a1f2fad7f6c1f0b28c2c51cd1c0c

SHA256
d8844b4d6535e72fb3489c407b042d66dac21ef630f861ef466b62d7777ba1d8

SHA512
18af635c1ab397013dbf87e9a70b2cd2c0815f0fd4581c716cb724724d4446fbdf0ab7609914afe47c4fe9172d1fe1027be77cc2701400452feaa0b6efe4b2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57976d.TMP

Filesize
874B

MD5
71edb41f3ee8baf117c41aeb4143dae2

SHA1
8e3777f8b48eb40823066dc52ee54790c5128a1c

SHA256
85a6b8c6b8c4ab36247c7ae1aeff92883ed172bbe19876b0bdbfbb66add77bfc

SHA512
ee80b8fec4bc79ddaf30cf7e081c5199086176610c5f9e931c4e16a9aa4f9344ec53616dd2e2eef5929bc7c82a98b5683be1bbb7d097452d4cede850861f3848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
25aa30f8be0ba4288b36e09460062ad7

SHA1
5fec54d7c4f39c2c2750817c8e91c3733022c88b

SHA256
c858e0b802f1ef7bd2ca6710308bdaa21688c612c743c2fab1b3aef3b9ec553d

SHA512
26ecce375fe639081f8d12ddfa47838ec68a2681491b51a0d880ad4d2aecd037d586b464d029a7f6f4eed0aa97ecadc604ae1c35de524b1700829deee97f3519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
58429f13081c3cc085406f35291f7b6c

SHA1
9102c1534db3c711bee1767920fd169fdd71c037

SHA256
8578ba9fec6d41921909986538cc261ac3fbc19eaf32f50eaff85b621008a40b

SHA512
2a2966627b7698a0014f3dcc7b8c9a3bffe7bddbf6a939d18827dbf5b848cfab338409ebe3b946e09f7400a6c21f64fb0910428dbdab2733ca9e314013d0f505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
543abceb0c639378c4d73bef4d1657fa

SHA1
99ab2b7deaa3ccb7e6d7d553d08ed49a392c8272

SHA256
8630190f441d909a5847e18d374ac5d18493900916635044fb78769d5c341fcd

SHA512
9d012dc8f27eebe68bb5bab8cee52894ca185f7e159cea618d8d94566619f852c52a7dce31f94822c9e3ddc257057d1dbcc18c35d7ccca8822243fd64fc10324

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 314724.crdownload

Filesize
2.9MB

MD5
db80f5f849c902b146afa7c375a4b2a5

SHA1
5b8844efb368ded70b991178350c91dddd28e448

SHA256
6c8af938c7796eb36c829b0d600117f2e99065e660a7c2936a7a5387c7488a8d

SHA512
65d928ee71e88ca420748069b2607fe4b30b0fb33cbb13b6e517facf0966b218fd7c3168653c558ed150411ad1cac54bd3b25bf11bb86b11c0d43c5a9dcc9eab

Download Submit
memory/5976-364-0x00000255D8030000-0x00000255D8040000-memory.dmp

Filesize
64KB

Download
memory/5976-389-0x00007FFA5B010000-0x00007FFA5BAD1000-memory.dmp

Filesize
10.8MB

Download
memory/5976-390-0x00000255D8030000-0x00000255D8040000-memory.dmp

Filesize
64KB

Download
memory/5976-391-0x00000255D8030000-0x00000255D8040000-memory.dmp

Filesize
64KB

Download
memory/5976-367-0x00000255D8030000-0x00000255D8040000-memory.dmp

Filesize
64KB

Download
memory/5976-363-0x00007FFA5B010000-0x00007FFA5BAD1000-memory.dmp

Filesize
10.8MB

Download
memory/5976-362-0x00000255BD6D0000-0x00000255BD9C4000-memory.dmp

Filesize
3.0MB

Download
memory/5976-422-0x00007FFA5B010000-0x00007FFA5BAD1000-memory.dmp

Filesize
10.8MB

Download