infinitylock | hxxp://youtube[.]com

Analysis

max time kernel
456s
max time network
477s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09-03-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

10^/10

infinitylock wannacry discovery persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@Please_Read_Me@.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@WanaDecryptor@.exe". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Drops startup file 2 IoCs

Processes:

Endermanch@WannaCrypt0r.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD10A0.tmp	Endermanch@WannaCrypt0r.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1451.tmp	Endermanch@WannaCrypt0r.exe

Executes dropped EXE 13 IoCs

Processes:

taskdl.exe@WanaDecryptor@.exe@WanaDecryptor@.exetaskhsvc.exetaskse.exetaskdl.exe@WanaDecryptor@.exetaskdl.exe@WanaDecryptor@.exetaskse.exetaskdl.exetaskse.exe@WanaDecryptor@.exe

pid	process
1044	taskdl.exe
2480	@WanaDecryptor@.exe
4464	@WanaDecryptor@.exe
1104	taskhsvc.exe
2024	taskse.exe
4828	taskdl.exe
4732	@WanaDecryptor@.exe
4140	taskdl.exe
4020	@WanaDecryptor@.exe
2184	taskse.exe
2136	taskdl.exe
4020	taskse.exe
1932	@WanaDecryptor@.exe

Loads dropped DLL 6 IoCs

Processes:

taskhsvc.exe

pid process

1104 taskhsvc.exe
1104 taskhsvc.exe
1104 taskhsvc.exe
1104 taskhsvc.exe
1104 taskhsvc.exe
1104 taskhsvc.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

720 icacls.exe

pid	process
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe

pid	process
720	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lbwpvpfrj996 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_WannaCrypt0r.zip\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

113 camo.githubusercontent.com
120 raw.githubusercontent.com
121 raw.githubusercontent.com

flow	ioc
113	camo.githubusercontent.com
120	raw.githubusercontent.com
121	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

Endermanch@WannaCrypt0r.exe@WanaDecryptor@.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@WanaDecryptor@.bmp"	Endermanch@WannaCrypt0r.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@WanaDecryptor@.bmp"	@WanaDecryptor@.exe

Drops file in Program Files directory 64 IoCs

Processes:

Endermanch@InfinityCrypt.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\identity_proxy\identity_helper.Sparse.Canary.msix.DATA.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Trust Protection Lists\Mu\Other.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-ae\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\uk.pak.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\zh-cn\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Mu\Social.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x86\EmbeddedBrowserWebView.dll.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\rna-main.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-ae\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_filter_18.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pt-br\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\te.pak.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Notifications\SoftLandingAssetLight.gif.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_18.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\plugin.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\selector.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ro-ro\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sv-se\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\he.pak.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Mu\Cryptomining.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\mojo_core.dll.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\fr.pak.DATA.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\uk.pak.DATA.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\mpvis.DLL.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\mk.pak.DATA.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\plugin.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview_selected.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_fi.dll.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\SY______.PFB.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\kk.pak.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\msedge.EtwManifest.man.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons_retina.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_pdf_18.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\selector.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons_retina.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\cstm_brand_preview.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-fr\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\PSGet.Resource.psd1.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\devtools\zh-CN.pak.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.dic.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\Comb_field_White@1x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_zh_cn_135x40.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_opencarat_18.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\notification_helper.exe.manifest.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder_dark_18.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\selector.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE	Endermanch@InfinityCrypt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Endermanch@InfinityCrypt.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Endermanch@InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Endermanch@InfinityCrypt.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{7C41A84D-5563-47D8-BB53-738D7A70848F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

3760 reg.exe

pid	process
3760	reg.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exetaskhsvc.exe

pid	process
600	msedge.exe
600	msedge.exe
3808	msedge.exe
3808	msedge.exe
3256	msedge.exe
3256	msedge.exe
4668	identity_helper.exe
4668	identity_helper.exe
860	msedge.exe
860	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1152	msedge.exe
1520	msedge.exe
1520	msedge.exe
4904	msedge.exe
4904	msedge.exe
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe
1104	taskhsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

Processes:

msedge.exe

pid	process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

Processes:

AUDIODG.EXEWMIC.exetaskse.exevssvc.exetaskse.exeEndermanch@InfinityCrypt.exetaskse.exe

description	pid	process
Token: 33	4892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4892	AUDIODG.EXE
Token: SeIncreaseQuotaPrivilege	2240	WMIC.exe
Token: SeSecurityPrivilege	2240	WMIC.exe
Token: SeTakeOwnershipPrivilege	2240	WMIC.exe
Token: SeLoadDriverPrivilege	2240	WMIC.exe
Token: SeSystemProfilePrivilege	2240	WMIC.exe
Token: SeSystemtimePrivilege	2240	WMIC.exe
Token: SeProfSingleProcessPrivilege	2240	WMIC.exe
Token: SeIncBasePriorityPrivilege	2240	WMIC.exe
Token: SeCreatePagefilePrivilege	2240	WMIC.exe
Token: SeBackupPrivilege	2240	WMIC.exe
Token: SeRestorePrivilege	2240	WMIC.exe
Token: SeShutdownPrivilege	2240	WMIC.exe
Token: SeDebugPrivilege	2240	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2240	WMIC.exe
Token: SeRemoteShutdownPrivilege	2240	WMIC.exe
Token: SeUndockPrivilege	2240	WMIC.exe
Token: SeManageVolumePrivilege	2240	WMIC.exe
Token: 33	2240	WMIC.exe
Token: 34	2240	WMIC.exe
Token: 35	2240	WMIC.exe
Token: 36	2240	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2240	WMIC.exe
Token: SeSecurityPrivilege	2240	WMIC.exe
Token: SeTakeOwnershipPrivilege	2240	WMIC.exe
Token: SeLoadDriverPrivilege	2240	WMIC.exe
Token: SeSystemProfilePrivilege	2240	WMIC.exe
Token: SeSystemtimePrivilege	2240	WMIC.exe
Token: SeProfSingleProcessPrivilege	2240	WMIC.exe
Token: SeIncBasePriorityPrivilege	2240	WMIC.exe
Token: SeCreatePagefilePrivilege	2240	WMIC.exe
Token: SeBackupPrivilege	2240	WMIC.exe
Token: SeRestorePrivilege	2240	WMIC.exe
Token: SeShutdownPrivilege	2240	WMIC.exe
Token: SeDebugPrivilege	2240	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2240	WMIC.exe
Token: SeRemoteShutdownPrivilege	2240	WMIC.exe
Token: SeUndockPrivilege	2240	WMIC.exe
Token: SeManageVolumePrivilege	2240	WMIC.exe
Token: 33	2240	WMIC.exe
Token: 34	2240	WMIC.exe
Token: 35	2240	WMIC.exe
Token: 36	2240	WMIC.exe
Token: SeTcbPrivilege	2024	taskse.exe
Token: SeTcbPrivilege	2024	taskse.exe
Token: SeBackupPrivilege	4792	vssvc.exe
Token: SeRestorePrivilege	4792	vssvc.exe
Token: SeAuditPrivilege	4792	vssvc.exe
Token: SeTcbPrivilege	2184	taskse.exe
Token: SeTcbPrivilege	2184	taskse.exe
Token: SeDebugPrivilege	2124	Endermanch@InfinityCrypt.exe
Token: SeTcbPrivilege	4020	taskse.exe
Token: SeTcbPrivilege	4020	taskse.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

msedge.exe

pid	process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

@WanaDecryptor@.exe@WanaDecryptor@.exe@WanaDecryptor@.exe@WanaDecryptor@.exe@WanaDecryptor@.exe

pid	process
2480	@WanaDecryptor@.exe
2480	@WanaDecryptor@.exe
4464	@WanaDecryptor@.exe
4464	@WanaDecryptor@.exe
4732	@WanaDecryptor@.exe
4732	@WanaDecryptor@.exe
4020	@WanaDecryptor@.exe
1932	@WanaDecryptor@.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3808 wrote to memory of 1440	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 1440	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 3744	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 600	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 600	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe
PID 3808 wrote to memory of 776	3808	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

4456 attrib.exe
4652 attrib.exe

pid	process
4456	attrib.exe
4652	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e76e3cb8,0x7ff9e76e3cc8,0x7ff9e76e3cd8
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
2⤵
PID:776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
2⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
2⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
2⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4812 /prefetch:8
2⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5196 /prefetch:8
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
2⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
2⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5500 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
2⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5752 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
2⤵
PID:132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
2⤵
PID:672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
2⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
2⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,4010766796702998642,11233143480414741504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:720

C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\Endermanch@InfinityCrypt.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\Endermanch@InfinityCrypt.exe"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2124

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\Endermanch@WannaCrypt0r.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\Endermanch@WannaCrypt0r.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:924

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:4456

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:720

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1044

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 16141710008608.bat
2⤵
PID:4080

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:2696

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:4652

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
@WanaDecryptor@.exe co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1104

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @WanaDecryptor@.exe vs
2⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
@WanaDecryptor@.exe vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4464

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:1932

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
- Suspicious use of AdjustPrivilegeToken
PID:2240

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2024

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4828

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
@WanaDecryptor@.exe
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:4732

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lbwpvpfrj996" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f
2⤵
PID:2136

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lbwpvpfrj996" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:3760

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4140

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2184

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
@WanaDecryptor@.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4020

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2136

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4020

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
@WanaDecryptor@.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4792

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Inhibit System Recovery

T1490

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
16B

MD5
dcc4f0fc36e2bb7364b46aaca6a2e780

SHA1
85a7bb4582139f11d8a60fce58756e7ece8103ca

SHA256
db1ed60fefb91ab2decd4179e5e36bda0770025be13fb76d358ce5a52d148711

SHA512
f656c0db024f1fedfbc4646fd99a35280e9dd9a7194b549c11e2aa7edcbde30f3cb7c4a6cec4d2643bc9a70db2637c6d112e0e66f16632304c8fe37fe50fbe20

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
720B

MD5
919907a4ed8d734ee83c60f8708566cc

SHA1
7bd3968d027839497d51e83a7671d155ce6409f4

SHA256
2dab48debedc4f74c7dcb9fd4180bff4db4b7a4e47eb86405b6e477a3590effa

SHA512
55f5d269f5c765ca40cf074e10e510346f8752a24c55d1178bcab7a93c02d31a66f90f09984a4470abc21b5eb1db03a4dc8da0765f05219653ed9d6fc5beb8ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
688B

MD5
e5ac652e50ee3f9c9d40f056e25355e6

SHA1
ebeb45c84750761f5cd9718457722bacd5929897

SHA256
8bf6bfa266e54121f49afac1eda3ce5bfc53e6a68c03eb8e5dae5400719bb0c4

SHA512
785be9b7b27bfdd474b3534606f4eeebe922c075ca426f3c52c4ed00f21f1c12549051fe3e3544af42671bf39cd4fceeb3509276f5037c52a490782074bd8e7b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
1KB

MD5
49a1db33ee3d046830395b851b69c022

SHA1
9a2b8471efaae46c4ecf7ca14115531b17dc1c45

SHA256
b0f023db9ca956e21c48dd8101d36404c0d2466ed2762f43e1586f459fc1d660

SHA512
efca7eb9ffee712dfe1c89539890671f193e270f63dd3d5da6635fcc21c554c38ae3c221a57c7aaa015d9c04b101ed8f183ffe1aeb82a0037c2726bb1831eb62

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
448B

MD5
6c55f2d340a62a678aaa58263b37ba17

SHA1
2ff0bc4f5c07423089978a495fd37e60b18b2a98

SHA256
7fd15a4ca1dfd0efae7b1802ece7d8eee94f92d459acc5a13dd3a610492a824a

SHA512
615251031a2fe47f85e1a5acb14da4f0c97c108290ca2bc10e8554db3bf4ec46bc57b78836732816f74668ee5f8dbb9eababcc9e1c9fe6fa88899573238e6f3f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
624B

MD5
405c557c09572ae523bd7ab37ee5c41a

SHA1
74ce9c0e487564e6ced05d40ee24abcd889cbb58

SHA256
b84f09f6bc466cab718dd76edb4db5f6d41a0d1ce52a7995799b8f6f81ab7006

SHA512
aadbca51c035dc77805b3ab9e3bbd243ebad84fbc2b53901942302def220f6c3eb1fda65e1f3b1269c2f29cb13f38a0448789b9c9767c469717c3a922196ff59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
400B

MD5
49aebc91751a12e9ddd8b43d6e4051b0

SHA1
596f7aa4b672dcdfdaf0ee2df5cb437a43be48f0

SHA256
34604802859fb9e4fb09af83537897ccf94cc9e2577ad602f124cfe7c2227659

SHA512
6d90dad27f5995e281a93c0945a7094406df7ff6a44110d1af369b3fb96ce46c65e6c9e0f8c2ec9c2c2d45806371ac784de375496bbbb777481cc4bf9c24d7b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
560B

MD5
3c850df822974d4a3b3a35789e49dd4d

SHA1
bda360b336c02809801c7cd3f4c47e0d5e36bcd0

SHA256
a109cf5378adfe811fc8e13f424b06553f2a6abcb960ccca324db73c9dbce9e4

SHA512
97079aafd33c4a8eb8e248487e164b33224e9b9bdf0d739290148260c34b7109a38c0f0f5d073e53b655864a31c8c59a21cd39b098e849a45e284adb43a72120

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
400B

MD5
f51715807aeadfb405796a8d2c1604a1

SHA1
6651e9b91f26a7fadecf4f03238e1693a8f548c1

SHA256
386db09a5342401ee25cd6ee483c18400bf98e1ff55f7cb8d3bcca5d6ef2f10a

SHA512
f672310fe951b6d3fcf7125958fdbf0bcce554d3dbed3a37da3705906c1ec4e8e81378c89d41525bee17237d5fb8aee290314864cb2b0577849174acb09f36a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
560B

MD5
c5b9b8999dd64414647dff279d16a862

SHA1
8c91859531b9eaf70dad831fe1c7b0ca595dc390

SHA256
1599dcb812a130eb857edbb92b5cd1f6e0231cb60e09182a3d92e26ad6561b79

SHA512
d3e01efd9cd6b2a49a9d13681cde92898716671da4d1b68c94478ffe706fbfc57398406cb9242ba64c94d01c0d903910cb37454c703ef68cda587fe9e5d5f8c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
400B

MD5
0246299dfd627799b18142d63a32ea49

SHA1
ea42ff40b33ea5ff8bbb466a478f56964c2ae3c6

SHA256
942ff2cb3838812345f757b9f2e5dc8ce70527c8dff4ae8e3a018d3e3b74f9d8

SHA512
9ce3d1829525a8c07b5b390cc9d98555ac9d761d9e5ef110a24b2e28a7044960382ec1693cfbdf8ba4591b4121a47d9733e17529fe80f9e6fe9ed2017f2cf54d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
560B

MD5
532f9bf3a0f2ac7cc03e556bfc1bb987

SHA1
124a4526c6ba26c4dd851454ab26620bcc4a1536

SHA256
4d7f1793d3a79e255e92c5bece39b0a0d18066ebe443ff46bff182e543322373

SHA512
35683516cf141a1aa0fa7d6be23743d41ee878a05bf627acac910236bb5844478791c5d9a165a79a91397c23f1f90985b6ee80bed541c47503381b864e0ee056

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
7KB

MD5
b810ea99748c6d3ba6445b6d4a566b80

SHA1
aebc3fa8577b8f2c9ff3eea9f76d23b86c29fd94

SHA256
c060ba67a27ab74c1a103f5ff55e19e6e642cf8e47f0e2a849a26dd4206b4da2

SHA512
a5f02894bce9745a7976e76021d0651159a4ed70ea5274b82d1c577c249a8ac16168e6460ff7de70ff9d68e78cab06a5d817e39025bf65c9d3aa9ab7e81ec510

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
7KB

MD5
f47f1a1b9b4daf70da710382cc75253f

SHA1
2ba07757cc51dcac55ef2cfe67a2991bb35ed8a6

SHA256
d5bd7a3d4670cfa605520d4ead836c5f8548aeaa0581025a13c4c121e10727a5

SHA512
b5d69f63868db4af1e66e272f3ce4e6928408e8fc83a89b1a1c59e565ca8eeb027736c0a56087441661a53d83df01c26c46ba63e8a28a16660bc57a118705d70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
15KB

MD5
42d3a2b2a501b495e0d7d3f6172892da

SHA1
274f0beea2199dd7a7dbfd89a25f9c31c126bacd

SHA256
c875e93e4d53bff1837b5eb81efa1bb2efa4ee3b469d525436397901c7eb82a7

SHA512
2928bb71b74b58d6bbcf0c014311ef048fdf89836e29915f1607ce1cd077c08e9aaa01144a545c77c04751adff634b011e10fdb5d9824a95ab7163ddc982be81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
8KB

MD5
718c5b1d17bd3590d68709140f406232

SHA1
71c3bc6efd7027a198bd87cc9f19b0089b76b416

SHA256
5caf5e9bdf602bca385fac47e8f99d4b3f166e0e8d5710f1502a21edb56eef60

SHA512
f38c89a0abd68a5fe11fbd1eaddb5c45a0517f23648cdf208696d9ce63ffaf883926731ac72902548e8a00d8d8104c26fff6804e04cf8f2ad74034aa8916d4e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
17KB

MD5
ceecb070f67a28f6733798207061fb8d

SHA1
49eafa37cc239ed242ea3e12655ea40015011008

SHA256
fac0861403275c482259bc328b6ee5cc2314cd36092b590818f3ffce5c6b5453

SHA512
6b01e71f34217c72faa3e6b9237b57ad2edb20404babcc7840c40f9ceb26cb7df53a9d2f7fb40ac9602cbbd1739366aaa8718f161d11943c0191a67ee7f61c3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
192B

MD5
3abb6a9ced34c788abec79988ffe95a1

SHA1
fe0248cf7a33258526882ea47c718c66e612fa48

SHA256
6195557174dc6d145fe18e9618f338c1f5d220520ca8d8252bdbb0d67bdf8ac7

SHA512
7b1d27b90d8b32b90705bb87ad0569b78fa34fe277e15c021c4c4f189bf0183bbf88985d77293927adfc38ec34c77ff723d1f2d32486207dff268fa74438c689

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
704B

MD5
28584dadf3cc5df69f451c501e17ff2b

SHA1
40cf0a5f02142bd4b3f345225a9f87af4b70d008

SHA256
3cd5a7d33ad4f6c743a99fc910a6103fe72900b34f01638059a651f34a7afe38

SHA512
4c6fc7273c9ff7cf527eac0f765d2d4986074b08ab1e47cfdc28af8871031a67855f70bfc9d0bc12fbe7652ccc6f98ca9834e09ee2bc118fc2daf5c4a0f7c105

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
8KB

MD5
43f9d8fed0d5b1c39f2eb6e6967f6506

SHA1
54094d964eb95faf7b43f137f6c556f9bd4c500d

SHA256
9e3b1b8670d41aa526d73796d5254a7a97868fbca567e3a7ada86c99ad408cf9

SHA512
c433da86fbc1ab998c58df9839fb02aaa72a43c5c62f0aa33f31d79cbbd2e903c49a2430c7b118c31511fec261a4b765254ded940708b26a1c3501f6ebc54516

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
19KB

MD5
8c8c33e023d8e31ad1b704c5c00174ea

SHA1
9bddaffa3dffd6fed0dc7a3222beb52db0234430

SHA256
fa45a89c761ba68c8bd678edd6283582efa69050fbc672eea8ee8cabeea3cc86

SHA512
2ce7d2518f5a3aa7c9289ae8a5fda75e820ceab91c09ec90b877c0bd66296096275a3e057ece66867ebcfff49f74f02ae2495db1c869097713f7adeb0a76d2e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
832B

MD5
8f0897954d8a3da3d45326bad3b0123a

SHA1
8bbd7383a33bf54aa856fa07a0e7bf1cca642d06

SHA256
c13dc11c6f9556e46659b14efd131e64d0f64ab18bad2feea4bd86043b245df7

SHA512
f61ca7d2ef3319c7a0bf5614c0e55a89642bab7b9d90c9d788b906a23755ae87bcafb0b9dd695f87857838524a92a79bbcb30d764299105a4e205583dceb8131

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
1KB

MD5
e5f8847bb445ed00c4c265b7c9314f41

SHA1
0e8b56dff174cc52e50c95db9a172826a29ad865

SHA256
ae87c585b710f927f5ac1426dc34b54aab7f9c5dcc36f5598f55f661f85441c9

SHA512
0a37596658240eb6795dca07cf68d4819135bce4a063ff8343fedc01eb63dac16ed7bcb03588deb58c3fff5356997406a57a3b0baaa1d1c9c5863bd0da12ba82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
1KB

MD5
84e8fa2b8990170df57da73a0247215b

SHA1
0943907f295416f40222737a6d24536f36d7b2c4

SHA256
d92c14d0bf78165eab7d2e7951e2d995e7f663ba8aaac5fc38ffa120379a4042

SHA512
b73c1fbe455503ba08aae6d7c184a784978490ad6a0fe5b0541c03a90b0d9a84f3c56c0f879999265daf8493bcadc165875a8a96ac336e0d9cef6ea19d9f87e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
816B

MD5
24450c7f9e8034c5d4184e8dd805826c

SHA1
207e3ae5aa1bc5c4cc4675cb1536be04481068d4

SHA256
3f5266e8afe61f208ea53334341aaf94650738b5f3acee2ef7ec8ce832836bc7

SHA512
2e5787ec9ea93c3db63b820dd992adef4049c3f7384ca0dcae0db0c0a1394a5308b588cc17dbced90f51ed1fd7afcf0acd8ce0c362254034287b588dcb43b334

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
2KB

MD5
441ccf3a554f71b91d8b690da46e2a8a

SHA1
fe093237888c0ffb9e63779caf43abd260b28bb0

SHA256
4b9cceec1e41cfcba6b3b5a4c8316d1575c7dd005ab7f89ccb8e34491b7c1815

SHA512
e80b595d02ffeed953efa6bf7a5fa5712296fd93d7e15100d614d9d4601e6f1191495e2c26c75416ce618edf283a822e5c237cce709d574bc23972ae943988f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
2KB

MD5
9cd7a6b8119c6a627218508fdb9c28cc

SHA1
d00bea1d8e07a2bd419d978b12d1575996ce9997

SHA256
9b0425a778d2bdb6f96929ceeb2b81dd73d22b52da68dbdfa992248e300a1a32

SHA512
ee85d3c362c7d0feb47fe5df2fcbf79fc8d043ef7c79956c2a9686dfe83e95e1985b59adf5a28c22cde6663745b3dd9cfa5eb467a94f933c7f610b0198295a0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
4KB

MD5
c383c70c28b4714cbb56ac80bdd9cfbf

SHA1
77ebd4be163136c975e8123b19a7dc8d4f44985d

SHA256
ce2aa309071e284ba1a77d9de7bbc80de618981abef3b1548d1b995c2e276845

SHA512
56e6788762b1304bbd7dab1fff016f8959049336b80c53b618a0cc221c54ef297821f16af7c002a8773dc838616ad4df6bfeb5cd59b983428f74e6c42ed8c84d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
304B

MD5
867c918505de5d772679dd1c7412f5fe

SHA1
d29cf353f4613888a810dc3f1863d65883272872

SHA256
f2ca4ed17c4b8784296b2028087122f190a39c142e2c0b362faa37f21b64fc36

SHA512
64348ca9d0f0ba80b5cd8de2bd448ef453fe04ff1949442786d3936afce3aa7a4a3787c65babac21130f4c29bf443eeb4b1b9ac4983f983863f31acdc9f4ce5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
400B

MD5
912be30289d4294a716e7b1b0029d7bb

SHA1
f6c621da31a42b5b803d033dbc7cadb34a727b22

SHA256
8c791817f7f6c37f868317224c82ba5bf8d6d048f4c33080a01e3e05237454ea

SHA512
c3ea0a660b0fbfd17127115af2e829f7c545b9b28be1b6059cbe0c3ade477b5e400ec674e120090c2d5cb2aa358c4f6ac60c6951b929abda8a1d2e251d3fdec8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
1008B

MD5
26949515b2904f91b62271704a3abe65

SHA1
bf9a4efd7040c6f9554d703d11ddf7745269b489

SHA256
e4bee063f25bf20276e9ae3d7e95a2c8d92fabd2a7c5c096a4ea82ace1ef836a

SHA512
2e992a9dd1a40f155711e0d8c7066be27e7d1b289e94db4a87f646ea1b9e9fd2416723f3b358a374ca69cc6d786ea6f93c25e17e58a20568fb3d8a390962da6f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
1KB

MD5
614853064bf53f5d256e54552168ef46

SHA1
d8ff47741eafc8e34ae256b689165e8fb78fe35e

SHA256
7c196f9149688241e59ae10d2a8fdffe43edff928ca5fa67797523f541c1340e

SHA512
edf6bfa139f6a8decc19f9f56e376c6b62a02f92e1d05d42641419c7dee9cf284636f0cd023fd22237ffded64927c9043d731abed8f3d6c9a697a6fef6c25946

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
2KB

MD5
1e5809a1ded20a3519295512a420c345

SHA1
c3035149da5eaa44480a6fa03a639cefecfdb208

SHA256
c9941f86ec785bbd0a4ad6afb93b0a486c09f285b0bc8572a970fc11abc6a0a4

SHA512
4504af34b4c7604f57582d178d024d2131ce1f2d78460ffd6f5a23b3340a90807653126c1028afaad4ef695bb0ad1830192f57e1a6f1c93b4d597deef9bae5f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
848B

MD5
8ecf92cb09e49f34eb05c095378ebf89

SHA1
7901a78ca8574e8e993d95380e66a02b5942df15

SHA256
becbcd44af2ee46d0ffea4008a66202737226b9c54790c87c57dead737770940

SHA512
e86834c45b3fb41133a1fe745f233fbbee096f20b7d1dd4d340ab8f380d12810b3932a6807f95527489eeabb3f956c67ef0200ce33a11a84f60cd5bbee6d9d4d

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
32KB

MD5
599b0696674eef78d286511c29d3e28a

SHA1
de38fe5eabe88d816552a9458df340c252d99ec7

SHA256
c146ee41224135188aa881abcbcee64a4f21f2ae9b6b3ea08020ff3c713b90f3

SHA512
0111ce689cd60711994f8f46163cfb57b45647e66757a6f5a8977ad2cdc0b31160cf1e74867874ef380a9d73626ed61edc52ddf1847a930ef40865c05134c374

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Other.DATA.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
48B

MD5
04d810ee94570b2cf83dc549e6391ebf

SHA1
03404414d18a57034df9a744ba4abfdb91f953a3

SHA256
c44ec979cded14b1a9e8fe68dc50d631666cb15e751119dc4d7dce818d9c441b

SHA512
c778b69ee138dc7c6f74f46f0be27d106bf1191c9e4f043ea474a3df66d957f530a29de9407e48059996bbe0698573db02e79a27d3b4734280b6a089ee75ab77

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\identity_helper.Sparse.Internal.msix.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
55KB

MD5
92f0a214f66ff78c2a3c76d5d0d7e26d

SHA1
cbf372ff0263b784ad0f9f5ebc1442d614535894

SHA256
985ebc968b4fa7d2a26a21ff89d1db8991e4ff9e64954272d04b1b87eb8aa319

SHA512
8f91439ce91f6f2e143efff4a9431a939f4edc3a9e72880d214ff7d56ee4dacbb61146b1a6165596bd440bee1c87b844e2639a65dc60dd09a363bf11658a18da

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\notification_helper.exe.manifest.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
1KB

MD5
8bc6a32b01ecba59adb2ab6150b63656

SHA1
d969dcc96ad943f0e72c29c728c9703311ee8e45

SHA256
e83b2ec83ea4bf4ec7fa6d50b6b54daf1a2c2df38c7c19bfd30e7aa87e82019d

SHA512
206b8b3cf6dea305edb2fe87da5fb14d40533980b0e95439d99ad312d1ac4a643cba0ee6afa47cec11c3a03b73c60525ddbcf59ea2e6a9e939242371ee2f9789

Download Submit
C:\ProgramData\Microsoft\AppV\Setup\@WanaDecryptor@.exe.lnk
Filesize
1KB

MD5
73b5a7e533683a658c73647214bd84f5

SHA1
794de75ead1bf32857b8c097861ae248af46ed99

SHA256
38ad230e61a2b59643ba2bc1ec82ec83488967526ae1e4dd3756241e71a35627

SHA512
b94403562867d1b4d873c90699840a649b6fa7fe1f8015fc1216db148f576de94678bf4327aa908933b6296cac0da46ca892df6f81c0588165ab690f518b204d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4d638c8f-e388-42df-8921-d7a7fc072e19.tmp
Filesize
11KB

MD5
ec7440d4ffd40fa9fbf321711af664b8

SHA1
9e81733fbf4d4040968811d4ee5141a72e700329

SHA256
374a2e1133350d4a598f59f400e5da6fbf152633e3232b3ef49930f3b17b7147

SHA512
28245fa06b88b6cd5ca461b3006bd070c24af227929be4ff780a65d5c10485ab28daa9bdf837e3840a7f5d042c06990f35fa15dc46962c56c25b0745c6ac857e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
caaacbd78b8e7ebc636ff19241b2b13d

SHA1
4435edc68c0594ebb8b0aa84b769d566ad913bc8

SHA256
989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

SHA512
c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7c194bbd45fc5d3714e8db77e01ac25a

SHA1
e758434417035cccc8891d516854afb4141dd72a

SHA256
253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

SHA512
aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
31KB

MD5
1fddfdab08937ca30e43dc454840c64d

SHA1
25af586ab7462e30465c9306426062b9d10bd058

SHA256
c578d1b5c5f608df3926d2658217ae728beace6455244c0cd9e3e3d15e455013

SHA512
b0f5666b0fed1321f525f72b5950b8c694032160e6e5fe101201f4fda3ea3c04fae226a997f949478a93705c8a2f25e3567eb69e35dd7bb6bff85d4bdc481fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
1.1MB

MD5
60021246cef1f0978983114d1fd51250

SHA1
b4cd22c3fa223376820c53fab738473732a0682e

SHA256
5cf8acb556090e2c26d420340e174d7948ca191e0334ddb1258da8844d4a2f3f

SHA512
ba1395b1814e266915c44e7b72f6f4d3a9528eb60948a1d9a6b501d129dcee6d8fe22125e569a618c25bd89b9128e088b3ba6c0ebcad3804a128f38f0e614b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
a3da209c6102360106d8468f3e62b24f

SHA1
bde0dd7b48ed79803284c3f6539a2d95dd5ca0a1

SHA256
5f9afac16e6ea40712b5616e8924873f728538096e94d5c2d3e83568bfe5d248

SHA512
c250ec8efb9a3be5d97eb046ddf2e00e8c3e675dbe0655f60864feb5ad92e8d8a52dd532d26201ea794d57e44c5bd617ade2f672ee79a99e0893041eee1d02ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
a208d4c06d13a4d274269b9dd5ba87dd

SHA1
a73c96258338af769bf4c8e7ec1fe31102ea581c

SHA256
15c889cc11d90c0d3de82972b62abcc2437d16541ddd0e022356ab62d88b31a0

SHA512
0010aa5684e87e317ad88776aae8f1ef4ded15f1017896068116021dde2ee5e600e0e8b9cb7c2fca145cd4a696049b249164a091e072fcd17a43dac84aaf42db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
20b72030530b99c7dae74591addc38a3

SHA1
1d8e0e3164e119454662810ee1931a55a959e838

SHA256
17d896175319dec1f7fa9f419536b6b6915f6e955e46b5e8bac62484178f5d85

SHA512
1ce71f1d1e5142bce8556d7afe93a88d3045708aaf63fd03b1e24e156de4aae218577a5552bb2700135da7607ff500c8490385b72014426b39e9f26cd51a8a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
666e14d5b1fd52b71657d76694078b1a

SHA1
db6a36049ee0bc8241cc8298031b8d4b806a70cd

SHA256
69ccc4cd457de1a97a17677f19e907d8182a3572a38a79cc3a2ca9e8979fd01e

SHA512
e05d444ecfbb33c4a5803a8b73d3f28efc30ed609669caf7360e011cb5054a8474f1eb781a081ca5f9edf2434d3e9c272e124902b7f2c871ef4a2feea9b3c567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
314b22873726e8ca9f4f5a02c087ddd2

SHA1
404c5a15e99a4bcbc7d4a1e070fd0caf4e2e4c88

SHA256
580000d3abbd3c540e7a53d332e72a43932e14c9a6d54eb4b8ad2c8d1e49e1c3

SHA512
a1606555036da55e733328980b8daa5b3e13888a193edfb8e163371e53c2ef9bdc63f8226d0ff59c62a5d3e1e6a308d97a79ae1b223a6144ef7c376a160134a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f27d35d59ffe7ec91b1926003f5e6bed

SHA1
4b0011c01feeb2412ee221d28c8f70e95f565c4a

SHA256
e564be1b243d57fdd6066a7ba85d3fde961f23b9cf191a75972b0e61c932b438

SHA512
593286609c540498b3bf4921421b5730054aac30d2342772a9918db537735addbb46ce85d4f4aa3b977335b570e2359fbf1f6f81d0b44c0b11f22d7241794b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
3c10361fa5eea84bc29993355bc4ea60

SHA1
50f745e9e1628983fb5fe9b11eb8a364890065c1

SHA256
00a3ae1b8429fbfb6dac12844fab4575230cebaeec474a1ffff67ee9abe9becd

SHA512
9921819c203594b0c85ff8f3b105c3f20a3726da6b08784803b8c09fed4a7c0c950db26beff1472dd6c30acf0d8c938a22db570a75819cfd4a48026709cd2591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e71ef56aff8aa015089fa96d30dfbf87

SHA1
bd303054eee52484d17c60bf0bd125f970520743

SHA256
bb930dbe05dac88aff4ee1052994555f703c065c745b30e859c7cf0f42d6b15c

SHA512
d7e4bd7d6af197f0525753acb39819d924328760556b546acd08a44853227f4cfec9f8b4bec055176f972d0981bdb54cb896f931495bc097ac0b39afbf6ca67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c11d7572d97234b441a0a77f5c4e029d

SHA1
06e45c1a5a98bd300b5a76ae49c8031a5d89ebfb

SHA256
4ea51d54a97975cb20be385ebcff2c7e1123e4cb7996372f432e2abe25e16e8e

SHA512
cb09829e74fab402e72e5e75e05b735e8d2abd1f547cfc60895f90630693c0e47926adfde64fb64a4d9d150050633e95d63acb3eb0f29b845a6e5ba32d52c21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
14b1f8ffe1c3bd8a25ad06013ba65f3d

SHA1
dc8c7423c738e03880976be70c2120db7969c15b

SHA256
8747cbc39b526c33c00e5a5cd968df0b287abf6df331e2247631d734e3ddec35

SHA512
845d08762ba2eab49c9f7299a78bdde0aa2f1ebec208ae82713db8fefc5fc62ad64e09e61672f2f066b20b7bfab85a7c920f6059263aaf768eff113b87c333be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
12eac46a9c23a76d748e81151c0ff54e

SHA1
4e85d0c9eae90745b04a3fe96a2efd6f2481ecd9

SHA256
cd8de62c79cfb3dfb7bd95dc2896c301f13f726835034c5c92e803dead55d7bc

SHA512
93a49f4063e4e1a85173259072e7ab645889c9c54f2eeb12912fa601e57c94d70f3d094f99e782b6db673ed51fd8cf1bf0b799a8d859382cd820f6ed2dd55940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
71d7c249ff30da5c8c0c87c720e357f8

SHA1
25caad82d61f6eb409568960766780a600d6fafa

SHA256
2a8a025a85524ff950be6a3ba0901db1083ab3746a1c3585fff1c689d83fcb9a

SHA512
c782d1619018498afc06f27b136d0b59c083f7cfa9a6e133d036efb10253eb3a94be3e8d8fcd3e004ec8bf7b75254c4e3ad07d55ea66a70527410182ffa9bbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
81650c322d475afe6e389c3c0489c888

SHA1
4d60477ee5b8ee53c6ced0b7183db3971dd8ea8e

SHA256
2873ba31d81ffab143916cb84a05f7a0e4fddad60e43e5043471b84a6c5cd697

SHA512
4fbe080059b7a169463c029fa5847664c955267519e0672781632d1aa3d3cf9d1e9955d7adb0d1cbed78fe81716bf1c16e329bbfc8bcf7e9b34b2c9612a26dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
daa27f3f50ba8688e303fd968a19f849

SHA1
adc933678c1a37e23ddc4a4dfec670f5353db3d7

SHA256
4d7f4e8d215924f6cd9cc246e5ee53cc56c77fa7a0f062b0627152320fe04329

SHA512
bb429bafcc13d2cc3947e52aeec62da93b46e1296e88cb229f7e1aa2c6c27373c1a146de9a38f1e54ce0b7c814cfe58fa7fdce98d8d4dc18e9c94854dc625db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
477e3171f6449b3f3850d62bbb6f15df

SHA1
a680ed511843c6636e7ce100b0fccb8018e504c6

SHA256
b91c0103270fe71229305039230f23c642d133f845b4c983c0e4450c0d48cfd3

SHA512
4fcfdf2fcfe99f7423e27d1a342b5a2c75bfdd29f741adc07eec9f91f2bc4da87492a864ef3995ec87aec187905350ae8d2e84eb321d95284b86b62ee218c456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
541eb1afa2a8e54f5aeaf8b02845befd

SHA1
8953cc1a0c393392f6c7ddb9cd03f4663703e775

SHA256
a975e16ad5b3c969208ed0bcda1c1c9cb2eb39b3d6991d8ef6e7e181966a2390

SHA512
33e285e6153d360b9f9030b45c8f2b5232e3cb39ea8ff5048f6e6a2bbcef7f8be1a0982f32d79c155f630a5185f7dc3da1aa6f49c2ffe93365da53b4df189668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
03cfc43d8941a2661884703678955532

SHA1
c3a279ffb24dd3148e419e832f1346d7dd6c2092

SHA256
82ec8c98c0b94c01bf27e38b552cafd98735711bf04c6655576939917460e20d

SHA512
05fb82057669e5fa1276a3ea6f83702b6c3789b3fc2635ec5e0a96ee56d2327248479de91aed7d3c4839e595bb785939a8a13d7bfdc61b22cc3d5c9725b170b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\beae6c66-02b7-4b66-8f43-27a35f0473f4\index-dir\the-real-index
Filesize
864B

MD5
6e3f73c80d5009c94df9a8383696a7f7

SHA1
1fde81fca9c0a70f1cf7610314b72dd279f4c1dc

SHA256
363d23fe7d70074d0449c3028abdab7f5ef0fb2acf3cb5a9ed5707dd29ceb7fe

SHA512
cee64377f1209b1c2f4008cc47e37492dea02f6ec8e9afff532059faac31697dcafd92667af4cbd3b5ce944ed00a8427e1aa3cd57e8473d839f08db75ef35b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\beae6c66-02b7-4b66-8f43-27a35f0473f4\index-dir\the-real-index~RFe58215e.TMP
Filesize
48B

MD5
b902c91bfee3fd3055aa5ab29c87002f

SHA1
8bc43a7765df58104d66fe5a35f100e6b46abd05

SHA256
d3f5b4f70ce299985c8495f3e079393b8c4d151a1cd1d8d720172bf6427e9396

SHA512
bad374d389c70886dfe50b781d7843cc44237d24edd5e1719d9fc4160b37c68a0ba56ef69469af813d248b96c2281de79a801758b11d860476ce9938dbf13cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
89B

MD5
8953bdf8efbf66fa64d10f709586ef2c

SHA1
0b644a0d5131c05b9636a8d954bb69d204312148

SHA256
bff1ad1f751d50f42e6c7da6ea5417cd8ca0c18f8b8bd9c08c3564fe6a8e4128

SHA512
481a047fcdc50c39b97da98b9eed1faf4fda047f4cb865eb8fdd437ca115dc564125d3ab186f62b16a063992585d116aae2e67581afb6fc117656f80f7b04e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
ee74e3e91995cde82baeb3ad52c2f3d6

SHA1
8a3f8256355c6ec9af5b4b1977cedf7649ff5c0c

SHA256
7c4e6765d621bd7fadbf467d89f91a3b29872e75af00106ba3b4056beb0861ed

SHA512
46be22de4a67807f73618fa89c95885939608779fe7ca45a5cdb6d3e470aa33e69a95f4ad59b54be3ab3c82bc97be99579e485eb40aca34383ee5ecbc63b4ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
84B

MD5
6f23988bf5c15aa7ebfc16ce60db42ce

SHA1
f4ab4e57a355ffb1db4a902c5f40b5cd6442ba0f

SHA256
f506a0d95b74ccaa2d4e75c202f4ee4a5163b522f4de700d5c77010ccbe819ca

SHA512
62ab2e40a8673345bd00b304f22017f1da45e86246d40d45b67cdac8c82e07f838aa47078fdb883ec6be1d8ed8cf4eb833c07c4907a8763cc72ab5342f11e139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
ff3c5fd1be7b0ad6147e317910810f49

SHA1
3b6b31a9ca664d0ca3cb10bfb7703da5fcca5f3e

SHA256
a9c477e8befa2b2d33fabc8d25bee2d535659cba0a8de7c0165acfec080f43b4

SHA512
f9977a2e1ecb486f85e90389b3901dc35b2829ade4ce3cdcabfd0e0fecc22e83a96982a492ba537aa401ead105ebaa37a127878eb5a41a0be8aa419af586c7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
48B

MD5
dba5943b8ce4518f5092fdf52108f3ea

SHA1
e7e95a33ac7b38cd9354ffb6edf95bf15d6a4b2b

SHA256
5dc49c427fbe8f6debcea562ee15c4879dff6fa6484b4d258453613acfcaf92d

SHA512
19d099057768c61ac32b02236eb08859672abdd3ea77033dc530a4c69a16fa3e29ccd5ff1921f3cbd45186ee0bd0c36f6d38548f1a021a128fb68f552303948b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58079c.TMP
Filesize
48B

MD5
a5726b2335692c613247c728001b9b6d

SHA1
373a67e3fd2928917f325a464ec4a08ecd18674e

SHA256
93d1617c491e8378bad55839020c826ceec060355e883a028d1fd23168d6ca2f

SHA512
f954c40ffb3c0a7e3c553e941e6aa8d44dc41747f23df323298533afce4c3f048fed424934d382d47ba0c98ff20a0cf8900dc8b857ed723b48e37b6f5923474d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f017c5446ae630ac9bc4b5b748a3a559

SHA1
7fe18b302c6d3cacb50e471e89df8a863232beec

SHA256
f485ae4e51ceb0b94d85483f79f0623fae3b434e78af6f1471927a1dba980000

SHA512
54f5dd5443a816c34c973e98faafbfb4e2dcc1c1a501e989a4bf9383364ef0cee5aa745d8c305837cc1659a47a8e6eeec9ad542f7ec343181d526dffedf40b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
b3e42cba4e419ff594b1234798cc0b99

SHA1
8e14b7fbaddb4f2ddcc8024c68af6cdd21130636

SHA256
8d95ed5573f7d79310639f36a903a105205f9ceab64b6fa524301e1ef37f32c2

SHA512
811e5651660e56ce3e4c11f6578dc44b4470b252a96c0934c72e1140a9e73fa11440b1b36148eeffdf16ffba584c26855edc0676bd97fb14c875e9b57c7ca95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
61547325f45c004995cdfaa8b2e066fc

SHA1
6e97adf0c4005fcb74978001c003e130a071d761

SHA256
5a3ab74ead0772339956019fde1f0ca39f31065edaba074d3497125d29787173

SHA512
fba4ae268e39b5dbf9c8d7f948bfeb611549fbdbf050a22b613ed5d78d884540bfda53652736612ead01ba35f9f3e6945a3e6134809fb6f030748b985e7d6d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
d1c8a440440cf2b08e1e09502c0a8efc

SHA1
681ab30fb02e36e860877f7c0f4f2fc244778e2d

SHA256
1c429741f8bfa2de83ea341d386b0fddf2e9d3d3adb42e3213c27efe4c282a71

SHA512
34bcfdaed88ec61435e3d5f7ce78bba32e96ca440813b5b236f64135077a8c688de0c5886cd7c61fcd8512307ba2227b84785d07bddd97e6beaab678c0cc53f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5d53a17fcdd0c49038b03ee94f2f4734

SHA1
9e9afa72c84872a15aec1c668e0f11feabbb906d

SHA256
745616cf6ace9a7e5cf36f5b627cacda624ec99bf8e1b75e9c31fc65074bfa50

SHA512
e4fd3afb18c7cccb8212512b9eb50fcd71e6565c57091bdeea49b6887877a1be818da140c609de66af5360592481f29238c46f2729966bd76e1159f06ffe52c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
3b73272f08964323ca0cec969cdd44b3

SHA1
4cde7b557a9983ea04aff50ab0d4a8ca4d64d71f

SHA256
0a78211d87d47963e18cefdfcb3b0faabbeddf5de6b9707892300bba33f2636d

SHA512
d9884d7b86c326cd477162f7591fe67ebc8fdb9ad766fc48feff6b9c312d2bfbaa06f50b129bdb6455e6cfd325df8a079ad2c32affdb3a194ff8010dac09c733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
84834c4137f92607fc42bc07412573fc

SHA1
3b35fadd0029843b9f97170f01da5a3cb45b0238

SHA256
2c43e29058d24f701f9e39b35f290ae1b98f16ff8c3baec121ee4c2936119a88

SHA512
9a2a9603f58326304926d54460449404648caa2d90d3e9012ff022e9dd2cf34eeab26c7d8ce4c008f17630be3db542b6db920ccb700688652a267299122d2af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
dfd52334b6465fbb402d80d91e3de91d

SHA1
ce0cc51d91e9c0ab773755722e4be64c32ca07aa

SHA256
25bbe01acf4c43210502724d8af4b671f6a950253d347d1e521e9b0e43c8f1e1

SHA512
d50be6fe0a87834ecbcc6d1c61c9e43ba5a44b2a2228a1a7a7cdc58d456ca889ac1bcdb88e862c53e5336b45afe19ee4dd4ac669e829132b68393a41119b4ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
5bbd450fcdb12d84fd297d325aaa8141

SHA1
ee99b2a5e4bcf46d3f1b1fa023d7e3c4d58ed260

SHA256
6a7f37532d00b2a5bd709c2169109b055ba02aaf87ccfc69480f2a1ffac01837

SHA512
0a51d8a4d810774124abb58aa666ee797ad1baeadbe2cdae50305e4e23a7c9d87dee4800c311d2f7c1fd579da07c28a085737303d94b6855b0c5daf6029ff5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583479.TMP
Filesize
706B

MD5
9f6a53eaa80168a769765d4d211afd08

SHA1
127ffdf82527fb63dd15ad19bad331d5f869cdae

SHA256
73513ed15735c0c897144d16ba52d78bbdceebe994d34c8b157bbaa1343759c6

SHA512
4e0e4368a1a3a443b30a61941de4c755b997583bdd356b6296b7abfc38aa25bc61a0a3eb10273d8b9f0c8208c0445a413d563f527659ef4e76c9d6836046cc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
944950742b36600846269bfea01c9aba

SHA1
fc515a9ea681c22380540e38b2804a70606ed527

SHA256
505b2c60d6b1e6c6a92e73e6d61035c1b5f27e8cbeab2a53c26757713f624373

SHA512
cc4836613c36f245f0a1e2ea5a386302b9cea4fb039dce59361715aa651151a5ed433ffdea98356ec9337975b2038ec7672d7e72c9d90582433c5bb58bb60661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
29153c10f825597189f766e8ad5ab021

SHA1
4fb664045a66e9df134706f82f5aa6a59628bd6a

SHA256
8bb9a5f4bf0fc8e0648aa85399cf6dd9fae7b39e9dec786b7ce61b31eaa0a9ee

SHA512
fa8b1ca53e36ed8ec6cb489b9239fe1db846a04c015e5e3461fe463585fe148524d48c55ca7f7e532c46d9ed07c71f9814bd2786c2fa85d95075d83301b1d2c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@Please_Read_Me@.txt
Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@WanaDecryptor@.exe
Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\tor.exe
Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\b.wnry
Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\c.wnry
Filesize
780B

MD5
93f33b83f1f263e2419006d6026e7bc1

SHA1
1a4b36c56430a56af2e0ecabd754bf00067ce488

SHA256
ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

SHA512
45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_bulgarian.wnry
Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_chinese (simplified).wnry
Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_chinese (traditional).wnry
Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_croatian.wnry
Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_czech.wnry
Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_danish.wnry
Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_dutch.wnry
Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_english.wnry
Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_filipino.wnry
Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_finnish.wnry
Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_french.wnry
Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_german.wnry
Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_greek.wnry
Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_indonesian.wnry
Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_italian.wnry
Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_japanese.wnry
Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_korean.wnry
Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_latvian.wnry
Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_norwegian.wnry
Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_polish.wnry
Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_portuguese.wnry
Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
902121984e27601ddf59432e4b9c6079

SHA1
b82c6af6b09377f605c2376c68da209cd1444cdd

SHA256
e3d955d86642c64d10407ef987424d000b2684fe80a27ccfbce4e7716a8efa71

SHA512
202c257cded95df25c97ce8f54d1e796ab814f6c4a43cde615d092133e0b6e50d7effd7e35789ed58bb8540e7e33e2f23f8981dd1661ab74f739db5d7e6e8e40

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
Filesize
3.9MB

MD5
4041dca9ad85852d696570fcd5da893c

SHA1
b7ec9a6967960450fa6202671f1f9f4a3630fad5

SHA256
e009cf8c60d5e5b77e5ecf6a6e17568b7681f741aebc83aa5ac94a11ca2049d7

SHA512
8d91bfc8636e0029d1a444824b5f81ed73f7c5ba16f19fda34b8222ac49076aaf15fc51279f647fd42c1df60a4d8bc00f1ed66a562166caa791ab393341cc451

Download Submit
C:\Users\Admin\Downloads\@Please_Read_Me@.txt.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
944B

MD5
f98f48d9e40103b73103321f662da84b

SHA1
06a87122d2e9b8f8243bd5020651e43f2c237024

SHA256
08ab606ad2bdcd4b35d25f935a4e1b3431c3d15e3e080311bda61f93cd29470a

SHA512
247edc67c7cf154b07577007dc430e14417ff0e547facb6bbcb314bcff3e3db54c409fbcdfa874369dca445e28e4c3f73d7552722b589fa3f656ddae13b7b004

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip
Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier
Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r.zip
Filesize
3.3MB

MD5
e58fdd8b0ce47bcb8ffd89f4499d186d

SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03

SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r.zip
Filesize
1.6MB

MD5
a145306b516589fe213217da2aa69237

SHA1
8c30fb0c27b25cb5ae07142b81d980470e199dc6

SHA256
4b858f5b052791ed802a72f02ab753186503e44126b0385d8114a619a483ba4a

SHA512
9433d64075ebfe639bcbb8edc7dbf5fb47ff9efcfb3a695cb0867b3f5a80556d5f8bd91c006d20958ec4346d763afa364b6f6f1786999a8f11bc43f671a0813e

Download Submit
C:\Users\Public\Desktop\@WanaDecryptor@.exe.F9794648423B22AD4D894FE27EBBF565794BDEBC16EF5CCDBA216128578450AE
Filesize
240KB

MD5
1c649e3ee65e20ccabea9be624ce27ef

SHA1
47a3e451157662b36b76a1548d134c7a81a9ebb7

SHA256
ad6789d8d24178d42d35497e516846e64347715b96d7bb29ca91e7d55d0b14c5

SHA512
055a13ebe92423ab95818f43ec5d3003bccad64f832715f410155d0f6ba3e34dd3e5e883d1f29fd48e5cf25d19f566e408d192448abaf56205de7edc9a4b3283

Download Submit
\??\pipe\LOCAL\crashpad_3808_UITQMEQVSMARXFEY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/924-4198-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/1104-5684-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-5862-0x000000006F370000-0x000000006F58C000-memory.dmp

Filesize
2.1MB

Download
memory/1104-6604-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-6599-0x000000006F370000-0x000000006F58C000-memory.dmp

Filesize
2.1MB

Download
memory/1104-5672-0x000000006F5B0000-0x000000006F632000-memory.dmp

Filesize
520KB

Download
memory/1104-5674-0x000000006F370000-0x000000006F58C000-memory.dmp

Filesize
2.1MB

Download
memory/1104-5682-0x000000006F2E0000-0x000000006F362000-memory.dmp

Filesize
520KB

Download
memory/1104-5677-0x000000006F2E0000-0x000000006F362000-memory.dmp

Filesize
520KB

Download
memory/1104-6596-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-5687-0x000000006F2B0000-0x000000006F2D2000-memory.dmp

Filesize
136KB

Download
memory/1104-5689-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-5681-0x000000006F2B0000-0x000000006F2D2000-memory.dmp

Filesize
136KB

Download
memory/1104-5714-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-5717-0x000000006F590000-0x000000006F5AC000-memory.dmp

Filesize
112KB

Download
memory/1104-5719-0x000000006F370000-0x000000006F58C000-memory.dmp

Filesize
2.1MB

Download
memory/1104-5716-0x000000006F5B0000-0x000000006F632000-memory.dmp

Filesize
520KB

Download
memory/1104-5721-0x000000006F230000-0x000000006F2A7000-memory.dmp

Filesize
476KB

Download
memory/1104-5859-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-5860-0x000000006F5B0000-0x000000006F632000-memory.dmp

Filesize
520KB

Download
memory/1104-6537-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-5865-0x000000006F2E0000-0x000000006F362000-memory.dmp

Filesize
520KB

Download
memory/1104-6005-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-6006-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/1104-6009-0x000000006F370000-0x000000006F58C000-memory.dmp

Filesize
2.1MB

Download
memory/1104-6111-0x000000006F370000-0x000000006F58C000-memory.dmp

Filesize
2.1MB

Download
memory/1104-6104-0x0000000000790000-0x0000000000A8E000-memory.dmp

Filesize
3.0MB

Download
memory/2124-1629-0x0000000074360000-0x0000000074B11000-memory.dmp

Filesize
7.7MB

Download
memory/2124-1330-0x0000000005C40000-0x0000000005C96000-memory.dmp

Filesize
344KB

Download
memory/2124-1325-0x0000000005930000-0x00000000059CC000-memory.dmp

Filesize
624KB

Download
memory/2124-1324-0x0000000074360000-0x0000000074B11000-memory.dmp

Filesize
7.7MB

Download
memory/2124-1327-0x0000000005AB0000-0x0000000005B42000-memory.dmp

Filesize
584KB

Download
memory/2124-1323-0x0000000000EA0000-0x0000000000EDC000-memory.dmp

Filesize
240KB

Download
memory/2124-6578-0x00000000017F0000-0x0000000001856000-memory.dmp

Filesize
408KB

Download
memory/2124-2256-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/2124-1326-0x0000000005FC0000-0x0000000006566000-memory.dmp

Filesize
5.6MB

Download
memory/2124-1329-0x0000000005A20000-0x0000000005A2A000-memory.dmp

Filesize
40KB

Download
memory/2124-6603-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download
memory/2124-1328-0x0000000005CA0000-0x0000000005CB0000-memory.dmp

Filesize
64KB

Download