Overview

overview

10

Static

static

3

winmugen.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    714s
  • max time network
    725s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-03-2024 21:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    winmugen.exe

  • Size

    728KB

  • MD5

    6ab193c70ef923b6154eafb1ee2e696a

  • SHA1

    53d593a6ddac66b983b1794f64ea97c98ead9913

  • SHA256

    92b3b971492599d2e1b08719dd5a7859431bc743292c3395621f2bbd215e6c16

  • SHA512

    964b880510669f1c8a7698027e706be4aefb3fc6db5115016ff261193f45f21b98f6d68d9a1c4d268b71251de483ac075a020118ae40a875f47bc6dc5e12c9a1

  • SSDEEP

    12288:ajIz30Z/s+e9+N4mYS0x0I2fEKs7hkpOxiO0yRB1ykhIKCPHr7dES6Ync8lL:ajIz3093Y+uDS06I5KFkxid6BogIKCDf

Score
10/10
wannacrydiscoverypersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �
Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
    persistence
  • Drops startup file 2 IoCs
  • Executes dropped EXE 15 IoCs
  • Loads dropped DLL 13 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 6 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 3 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 27 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 41 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\winmugen.exe
    "C:\Users\Admin\AppData\Local\Temp\winmugen.exe"
    1⤵
      PID:3636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3280
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff191646f8,0x7fff19164708,0x7fff19164718
        2⤵
          PID:3612
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
          2⤵
            PID:2540
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1888
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
            2⤵
              PID:2360
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
              2⤵
                PID:4656
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
                2⤵
                  PID:2004
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                  2⤵
                    PID:2212
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                    2⤵
                      PID:4408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
                      2⤵
                        PID:1940
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
                        2⤵
                          PID:3828
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
                          2⤵
                            PID:3520
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1720
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
                            2⤵
                              PID:4996
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
                              2⤵
                                PID:4088
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
                                2⤵
                                  PID:2828
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
                                  2⤵
                                    PID:4528
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
                                    2⤵
                                      PID:2884
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1348 /prefetch:1
                                      2⤵
                                        PID:4332
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
                                        2⤵
                                          PID:1188
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                                          2⤵
                                            PID:3164
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                                            2⤵
                                              PID:3880
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5284 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4792
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
                                              2⤵
                                                PID:4296
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                                                2⤵
                                                  PID:464
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                                                  2⤵
                                                    PID:4808
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                                                    2⤵
                                                      PID:5308
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6772 /prefetch:8
                                                      2⤵
                                                        PID:536
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
                                                        2⤵
                                                          PID:5612
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7208 /prefetch:8
                                                          2⤵
                                                            PID:6120
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7132 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5140
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:6100
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
                                                            2⤵
                                                              PID:5956
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
                                                              2⤵
                                                                PID:696
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
                                                                2⤵
                                                                  PID:4256
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
                                                                  2⤵
                                                                    PID:5160
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
                                                                    2⤵
                                                                      PID:5972
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
                                                                      2⤵
                                                                        PID:5272
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
                                                                        2⤵
                                                                          PID:716
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,8291025912812212289,10063342747334997377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
                                                                          2⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:2356
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                        1⤵
                                                                          PID:1056
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff191646f8,0x7fff19164708,0x7fff19164718
                                                                            2⤵
                                                                              PID:452
                                                                          • C:\Windows\system32\werfault.exe
                                                                            werfault.exe /h /shared Global\51dbf299cb2c49ab8d927feba54a54af /t 3556 /p 3552
                                                                            1⤵
                                                                              PID:2384
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:1892
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:228
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Modifies Installed Components in the registry
                                                                                  • Enumerates connected drives
                                                                                  • Checks SCSI registry key(s)
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                  • Suspicious use of SendNotifyMessage
                                                                                  PID:1312
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:4464
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:1224
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Modifies Installed Components in the registry
                                                                                  • Enumerates connected drives
                                                                                  • Checks SCSI registry key(s)
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                  • Suspicious use of SendNotifyMessage
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:716
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:3868
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                  1⤵
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:3560
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:6100
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:972
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:3936
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:5724
                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:1468
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                  • Modifies Installed Components in the registry
                                                                                  • Enumerates connected drives
                                                                                  • Checks SCSI registry key(s)
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious behavior: AddClipboardFormatListener
                                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:5592
                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]
                                                                                    "C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]"
                                                                                    2⤵
                                                                                    • Drops startup file
                                                                                    • Executes dropped EXE
                                                                                    • Sets desktop wallpaper using registry
                                                                                    PID:5900
                                                                                    • C:\Windows\SysWOW64\attrib.exe
                                                                                      attrib +h .
                                                                                      3⤵
                                                                                      • Views/modifies file attributes
                                                                                      PID:5936
                                                                                    • C:\Windows\SysWOW64\icacls.exe
                                                                                      icacls . /grant Everyone:F /T /C /Q
                                                                                      3⤵
                                                                                      • Modifies file permissions
                                                                                      PID:1660
                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
                                                                                      taskdl.exe
                                                                                      3⤵
                                                                                      • Executes dropped EXE
                                                                                      PID:5812
                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c 202061710971608.bat
                                                                                      3⤵
                                                                                        PID:5568
                                                                                        • C:\Windows\SysWOW64\cscript.exe
                                                                                          cscript.exe //nologo m.vbs
                                                                                          4⤵
                                                                                            PID:5976
                                                                                        • C:\Windows\SysWOW64\attrib.exe
                                                                                          attrib +h +s F:\$RECYCLE
                                                                                          3⤵
                                                                                          • Views/modifies file attributes
                                                                                          PID:6028
                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
                                                                                          taskdl.exe
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:3452
                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
                                                                                          taskdl.exe
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          PID:5516
                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
                                                                                          @[email protected] co
                                                                                          3⤵
                                                                                          • Executes dropped EXE
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:4808
                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe
                                                                                            TaskData\Tor\taskhsvc.exe
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:4256
                                                                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\taskhsvc.exe
                                                                                            TaskData\Tor\taskhsvc.exe
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Loads dropped DLL
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:2336
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          cmd.exe /c start /b @[email protected] vs
                                                                                          3⤵
                                                                                            PID:708
                                                                                            • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
                                                                                              @[email protected] vs
                                                                                              4⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                              PID:3760
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                                5⤵
                                                                                                  PID:4972
                                                                                                  • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                    wmic shadowcopy delete
                                                                                                    6⤵
                                                                                                      PID:1444
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
                                                                                                taskdl.exe
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:1720
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
                                                                                                taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:4576
                                                                                              • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
                                                                                                @[email protected]
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                • Sets desktop wallpaper using registry
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:448
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "akgdoowspmymzqz517" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\tasksche.exe\"" /f
                                                                                                3⤵
                                                                                                  PID:972
                                                                                                • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskse.exe
                                                                                                  taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:4104
                                                                                                • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\taskdl.exe
                                                                                                  taskdl.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:4616
                                                                                              • C:\Users\Admin\Desktop\@[email protected]
                                                                                                "C:\Users\Admin\Desktop\@[email protected]"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Sets desktop wallpaper using registry
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:3624
                                                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
                                                                                                2⤵
                                                                                                  PID:2244
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                                                1⤵
                                                                                                • Modifies registry class
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:5928
                                                                                              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                1⤵
                                                                                                • Enumerates system info in registry
                                                                                                • Modifies Internet Explorer settings
                                                                                                • Modifies registry class
                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                PID:5520
                                                                                              • C:\Windows\system32\WerFault.exe
                                                                                                C:\Windows\system32\WerFault.exe -pss -s 572 -p 5520 -ip 5520
                                                                                                1⤵
                                                                                                  PID:5956
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                  • Enumerates system info in registry
                                                                                                  • Modifies Internet Explorer settings
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:5208
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                  • Enumerates system info in registry
                                                                                                  • Modifies Internet Explorer settings
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:1540
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                  • Enumerates system info in registry
                                                                                                  • Modifies Internet Explorer settings
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:3828
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                  • Enumerates system info in registry
                                                                                                  • Modifies Internet Explorer settings
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:828
                                                                                                • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                  1⤵
                                                                                                  • Enumerates system info in registry
                                                                                                  • Modifies Internet Explorer settings
                                                                                                  • Modifies registry class
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:2012
                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                  1⤵
                                                                                                    PID:5368
                                                                                                  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                    1⤵
                                                                                                      PID:4204
                                                                                                    • C:\Windows\SysWOW64\werfault.exe
                                                                                                      werfault.exe /h /shared Global\ed4128591129403ba0d7643456ae9174 /t 4480 /p 3624
                                                                                                      1⤵
                                                                                                        PID:2620
                                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                        1⤵
                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                        PID:208
                                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                                        C:\Windows\system32\vssvc.exe
                                                                                                        1⤵
                                                                                                          PID:3824
                                                                                                        • C:\Windows\explorer.exe
                                                                                                          explorer.exe
                                                                                                          1⤵
                                                                                                          • Modifies Installed Components in the registry
                                                                                                          PID:5760

                                                                                                        Network

                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                        Reconnaissance

                                                                                                        Resource Development

                                                                                                        Initial Access

                                                                                                        Execution

                                                                                                        Persistence

                                                                                                        Boot or Logon Autostart Execution

                                                                                                        1
                                                                                                        T1547

                                                                                                        Registry Run Keys / Startup Folder

                                                                                                        1
                                                                                                        T1547.001

                                                                                                        Privilege Escalation

                                                                                                        Boot or Logon Autostart Execution

                                                                                                        1
                                                                                                        T1547

                                                                                                        Registry Run Keys / Startup Folder

                                                                                                        1
                                                                                                        T1547.001

                                                                                                        Defense Evasion

                                                                                                        File and Directory Permissions Modification

                                                                                                        1
                                                                                                        T1222

                                                                                                        Hide Artifacts

                                                                                                        1
                                                                                                        T1564

                                                                                                        Hidden Files and Directories

                                                                                                        1
                                                                                                        T1564.001

                                                                                                        Indicator Removal

                                                                                                        1
                                                                                                        T1070

                                                                                                        File Deletion

                                                                                                        1
                                                                                                        T1070.004

                                                                                                        Modify Registry

                                                                                                        3
                                                                                                        T1112

                                                                                                        Credential Access

                                                                                                        Unsecured Credentials

                                                                                                        1
                                                                                                        T1552

                                                                                                        Credentials In Files

                                                                                                        1
                                                                                                        T1552.001

                                                                                                        Discovery

                                                                                                        Peripheral Device Discovery

                                                                                                        2
                                                                                                        T1120

                                                                                                        Query Registry

                                                                                                        4
                                                                                                        T1012

                                                                                                        System Information Discovery

                                                                                                        4
                                                                                                        T1082

                                                                                                        Lateral Movement

                                                                                                        Collection

                                                                                                        Data from Local System

                                                                                                        1
                                                                                                        T1005

                                                                                                        Command and Control

                                                                                                        Web Service

                                                                                                        1
                                                                                                        T1102

                                                                                                        Exfiltration

                                                                                                        Impact

                                                                                                        Defacement

                                                                                                        1
                                                                                                        T1491

                                                                                                        Inhibit System Recovery

                                                                                                        1
                                                                                                        T1490

                                                                                                        Replay Monitor

                                                                                                        Loading Replay Monitor...

                                                                                                        Downloads

                                                                                                        • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          73e7253ca04b66500a2d3f968e203753

                                                                                                          SHA1

                                                                                                          2a3d349e3886e4f8199115c69abd8ec952153c75

                                                                                                          SHA256

                                                                                                          3b563ce4b2462c13ccb80aa079bbe9125e3df23201e54d94a70b969b9f10534e

                                                                                                          SHA512

                                                                                                          2bf885b0bc3a3e36ed3470fc79b134a3b3c5c9bbd04168bad29e1e656560384e1afdace839e868ca37127bc818d3945cb5a14476f2c79ffb82a8732015b0ed6a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                          Filesize

                                                                                                          471B

                                                                                                          MD5

                                                                                                          abc8bd25a287a6d4f0db456ab8f9f44c

                                                                                                          SHA1

                                                                                                          ab31d75915fbefc74debc1713fca0484f6188aa6

                                                                                                          SHA256

                                                                                                          b93132eb8760aa06e9445f55717bae67df70935ff16e079e41a4fc9cfe1a7ee0

                                                                                                          SHA512

                                                                                                          01931716710cc6b7b07b50896a63d958a914d07d3a440c53f8e2a9d3e735c78d888b4621772172787e29f0e58ddf9dd5495b7a8c78b2ffe1ee0d23d46f05ee89

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                                                                                          Filesize

                                                                                                          412B

                                                                                                          MD5

                                                                                                          7c0daf482c63efb2c2ecd15877c8d91b

                                                                                                          SHA1

                                                                                                          612bdb2595af7c1fdc3460c0bd548008c9a43f6f

                                                                                                          SHA256

                                                                                                          6906f18fca5e2f4a5b4b4d7d0d20fa925b2c90fbcb6c40a9b92c28e690de41d2

                                                                                                          SHA512

                                                                                                          eb2b4a33941221d3139fea50c37f4eadcde4ebfd07c452b48adebbb82f1042530fc7247ed67cc1c501859bc43e37688114b63363a29a3496994f796f79b3f74d

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\44dba165-a042-47d5-ab6a-d1b7beb3a30b.tmp
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          8a8698fef043495d64a88fdb07d29999

                                                                                                          SHA1

                                                                                                          ec5af825ab98cd1e963a53fa1e68cd7bfe8b35b8

                                                                                                          SHA256

                                                                                                          631ab0b0ae076edfa679ae468f70aaa7b48ceb2dcb0e96829c144654f14401b5

                                                                                                          SHA512

                                                                                                          62351809b9c47460d53edb0e7fd8ef61b50e21d6ccba73ae5f2fbba72237c5d257f83c122afc667a847b445453cad8f9049c7dc9e669acfaf44a11821fc430d9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                          Filesize

                                                                                                          152B

                                                                                                          MD5

                                                                                                          36bb45cb1262fcfcab1e3e7960784eaa

                                                                                                          SHA1

                                                                                                          ab0e15841b027632c9e1b0a47d3dec42162fc637

                                                                                                          SHA256

                                                                                                          7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

                                                                                                          SHA512

                                                                                                          02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                          Filesize

                                                                                                          152B

                                                                                                          MD5

                                                                                                          1e3dc6a82a2cb341f7c9feeaf53f466f

                                                                                                          SHA1

                                                                                                          915decb72e1f86e14114f14ac9bfd9ba198fdfce

                                                                                                          SHA256

                                                                                                          a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

                                                                                                          SHA512

                                                                                                          0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                          Filesize

                                                                                                          19KB

                                                                                                          MD5

                                                                                                          2e86a72f4e82614cd4842950d2e0a716

                                                                                                          SHA1

                                                                                                          d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                          SHA256

                                                                                                          c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                          SHA512

                                                                                                          7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                          Filesize

                                                                                                          33KB

                                                                                                          MD5

                                                                                                          802bb9568efcd0fbad062fb0da7659f9

                                                                                                          SHA1

                                                                                                          302b4266eee77c2391a36791fd0a30990d7813a7

                                                                                                          SHA256

                                                                                                          89bca75089bbf56b83cb00492097d5a19c1d502ab88c136bd70bef0b5de1b42b

                                                                                                          SHA512

                                                                                                          29dd36e3250e39547069644182441b74edae3d2a2304061a8b762c90364a670705656af5cad556e8147352e1a81b259740cda852270a9fdf6ff3dfa8104e3b93

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                          Filesize

                                                                                                          64KB

                                                                                                          MD5

                                                                                                          d6b36c7d4b06f140f860ddc91a4c659c

                                                                                                          SHA1

                                                                                                          ccf16571637b8d3e4c9423688c5bd06167bfb9e9

                                                                                                          SHA256

                                                                                                          34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

                                                                                                          SHA512

                                                                                                          2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                          Filesize

                                                                                                          67KB

                                                                                                          MD5

                                                                                                          88a552e6be1ac3978c49143983276b3a

                                                                                                          SHA1

                                                                                                          dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

                                                                                                          SHA256

                                                                                                          927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

                                                                                                          SHA512

                                                                                                          125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                          Filesize

                                                                                                          65KB

                                                                                                          MD5

                                                                                                          56d57bc655526551f217536f19195495

                                                                                                          SHA1

                                                                                                          28b430886d1220855a805d78dc5d6414aeee6995

                                                                                                          SHA256

                                                                                                          f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                                          SHA512

                                                                                                          7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                          Filesize

                                                                                                          88KB

                                                                                                          MD5

                                                                                                          b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                                          SHA1

                                                                                                          386ba241790252df01a6a028b3238de2f995a559

                                                                                                          SHA256

                                                                                                          b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                                          SHA512

                                                                                                          546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                          Filesize

                                                                                                          1.1MB

                                                                                                          MD5

                                                                                                          68304f53cc99561803794a2fda621d3d

                                                                                                          SHA1

                                                                                                          b980064accfe2b9d1fad634292c5bff5e627fb00

                                                                                                          SHA256

                                                                                                          5ad64060bbc6cb40de882aab23924dd53fc283e045d436466d6227a1cd26be5c

                                                                                                          SHA512

                                                                                                          8a249f2893882cf9d0bb628941fc39ced22fc8c661038ec0aaae79811e16e70e9868b788a3742305c24f2fb6a1ea51ba875f8efc6996a52976414f4a03d133aa

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          96B

                                                                                                          MD5

                                                                                                          d6717a65ee65fadf69616fed60e53ac7

                                                                                                          SHA1

                                                                                                          98d96cc810a1fbf0394f22d4e7d4f3cb3e68c43d

                                                                                                          SHA256

                                                                                                          3c42e216222c6fc211dabc5e0200b81a0d8d956c4202f2940bd80a9f0f1b5e77

                                                                                                          SHA512

                                                                                                          cb304e8175854c923504bd4b9562283561b0f5ea5de3f3689ac36853176615fc84213fc44e3645e2f5c7ff438c40e94f4263906473f1d60a7ee9e521e5746145

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          96B

                                                                                                          MD5

                                                                                                          42d6c13a0ceef6749395d0fa75a18556

                                                                                                          SHA1

                                                                                                          f439cad08abac94e77b7a1937109db1a879d145b

                                                                                                          SHA256

                                                                                                          ad4e8cd6ce0b01ec500ded87457fa72eebfd9841d51e0e5e90d68e7231f202d3

                                                                                                          SHA512

                                                                                                          7d73999c90421da0a1dc7da2b904a612f3291f0d5fcbaa578d043dceda8fe8ec903f4c36d66277841970652790c88f6ba3a9c51b58ecc3199a368e16924d8934

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          MD5

                                                                                                          fd107cf98f9b8aaae100f657555237ad

                                                                                                          SHA1

                                                                                                          5f7c286435130f856405b8666694b1e17c9df5fa

                                                                                                          SHA256

                                                                                                          791377fd35da9275662cbb35d6d34ca31f16fbc04a38faf606a572b068f1994c

                                                                                                          SHA512

                                                                                                          ffd2dfe18a07313f0bf09fa8def2056d751669b8314dc9ea6ad285a98bfcf13ac79b17116a7619a2e80b6f4ae73758fdb12981ea6b3ef38766e8a8b2d61a9188

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          MD5

                                                                                                          546ae72caf6bd7972b6f2acb5be7ae1f

                                                                                                          SHA1

                                                                                                          a0cf3ad3132d63adf2d19a152434cad010c5eb78

                                                                                                          SHA256

                                                                                                          6da90557d62a6208bde01dfff550120a2a5371913b2f1da3d3b76dd8f6e3508c

                                                                                                          SHA512

                                                                                                          08850193b830987be179478c41aa5f6502120e1e6adbb500b2739d51e957bf0542b608bcab16783ecec1d8d135d92a539096990525c63f6bc64705233f603707

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          930B

                                                                                                          MD5

                                                                                                          4be3ce30de931215e35e7e87dd4bca9c

                                                                                                          SHA1

                                                                                                          ded810a9b88282d2000b67c9a52fca26d6c96fa7

                                                                                                          SHA256

                                                                                                          3e902e3b6fe21772c7febe2efd54a1e0f374da41e786fa34edbdc928bcc3b612

                                                                                                          SHA512

                                                                                                          34a7c29d3aafc4fd3d5cdd5e48ba531a14a501f8bbc0baf437a4a64cec7d1d58d6df39e7b226a03c78c871483f2e41dd4c2c6304d8c0ed25b3606cc622b82c2e

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          248B

                                                                                                          MD5

                                                                                                          aa5c9ef101e0cca61678dcaed524270e

                                                                                                          SHA1

                                                                                                          94f9882349038ee458e04301b6ec123b0952860f

                                                                                                          SHA256

                                                                                                          cf77a8227d134ac5fec1aff2b71ab2d8ff3f89b588639ee06904b6578eabf404

                                                                                                          SHA512

                                                                                                          81717f814dbccb17f1dab5c07b48c63a43ab326bd764e7ffef704567a99356bdf66bc47e3a06b3cf9ae9c0d09e872d5d7415fff1282d7ef759278832a8fdfe1f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          248B

                                                                                                          MD5

                                                                                                          63f42f1c79e98255682111419bced474

                                                                                                          SHA1

                                                                                                          392a69cc46c562c9e64eca8816292a2fa62fabea

                                                                                                          SHA256

                                                                                                          b4961ea15fb968ed3aaa6eb5241233e07e85721d48a2448648f641f433064362

                                                                                                          SHA512

                                                                                                          fd54189b134af5d282743f6572bc86af41ff43e8f5c034c9c58cb96c3bb9160c8fe356c8d833ae96019b9834c5ac4c00043a91b97e8d3da6cac055605fa2e7e9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          930B

                                                                                                          MD5

                                                                                                          6a43902a96b8a4f81c66bc1f3335f69d

                                                                                                          SHA1

                                                                                                          2d47351df92a18c80b156109e5b49b0e9e39c471

                                                                                                          SHA256

                                                                                                          e02709d5e71d37a8ccca23e195320c62b3949abace9f04d4a8e00c63cac526dc

                                                                                                          SHA512

                                                                                                          566fd822578740eecc59f3f62acf78077acb2201708d7566e4ac980d0c2858babd9c99cceb4dd54730d2252fd085aa81a08ceb1087e5ac80f25bf73ba29f30cd

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          677d6ac11a925b409fb349683b9d5a32

                                                                                                          SHA1

                                                                                                          5dc770311dbd15b7c5fcd627a90ad7ec1136ffb2

                                                                                                          SHA256

                                                                                                          5230072e14270f24e59fbf3d80b168070e839c137e3b0259641268afc64e8992

                                                                                                          SHA512

                                                                                                          f9e1240a25e72adb6cf2676c3f4d682355f9b8de2e9aac099e76b97c3bd4a3244ac78e81dda6ea6556d6242abcd9a7f6604e16db98d4dfcdb980e5d341c77357

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          555c5798134ad23ba1f658e47d3a07e0

                                                                                                          SHA1

                                                                                                          720e6caaa185123d46cd9a96b0302cceba855c05

                                                                                                          SHA256

                                                                                                          d8de2d27abb865d504749d674370b0de16b5cc81e57905edb52a41cace71c270

                                                                                                          SHA512

                                                                                                          c20e301af03a0ec720c5009e168671c74457038cc8919ed4a1645dbbb4f98948d1e839f628bbac7f301ab1e6f0cc5cf61285bad0560967a6ae93435239987647

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          d5c431d7e74faa075fd8c8eb757ce5ca

                                                                                                          SHA1

                                                                                                          9cefa7223539f4a7a40abfefd9b2ef3a8ff248a0

                                                                                                          SHA256

                                                                                                          3202c4d58bf26649937fd0d7e1dd7edb9b9c462c3d32b5722cc6b37b3376ad4d

                                                                                                          SHA512

                                                                                                          b60731329b56dca8f96109b9e59471d0f5c4f8ba92ccad4e4fd3025c507ae948efbff6065876b62934346707e6631fec6e3a3d155f945c002b9ebe5578674b26

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          4d896b882ba4225e16525bad14ad5bc4

                                                                                                          SHA1

                                                                                                          f20a1bbfc61fadff3ca2274a80e7dff20ddf47be

                                                                                                          SHA256

                                                                                                          428e4b9e7ec0acef7e741ce992225db393d1c03e0f45ff372f1cf494e0acf955

                                                                                                          SHA512

                                                                                                          3110a89f04583b0a4de2d6d5a5473ac60a04783b72e56c0865e12735669aaf35ef4aebea5f231e967f1858bf5067e426a9ddfd5920d5be337f72a5bbade762c5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          ce666d262302aaa33c77f33708d1e761

                                                                                                          SHA1

                                                                                                          c92bb8137a201fdfa7a2d15ee2baed7f33be9e2a

                                                                                                          SHA256

                                                                                                          190de039c3aafea7043e2e71b1e7ad93d4329c92640cb49d3848b801655de382

                                                                                                          SHA512

                                                                                                          08ff35877b550d237908e058eaf2b01ba9021f13c2588412fcf0431fbb8986d8a02570eccf3038faea5ec9a8703d3ff07780909f2bd76dfd09b68f66cc9fc0c9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          c2eb63fb42d9fe4f385356bb814c5cb8

                                                                                                          SHA1

                                                                                                          d469e1f5f332f99aafba85c4376675fbb216ebdf

                                                                                                          SHA256

                                                                                                          439ac69f53cccb8babedd7061c133d0b2ccb9f35af552953d7f0e23ea4829a6c

                                                                                                          SHA512

                                                                                                          d4ebe1e17aab07daac2ea93a555dedeeb1d657096c790e3e5f4e558eb3f94382cf88f1b8894dfbbf84103ea7f60e79057d56945d7c17a2dd4ea818d621692692

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          2ecd34dbbd7437f9481c8d7defccec38

                                                                                                          SHA1

                                                                                                          3827422703fb6e19152b89d10b20f25d1219e2a0

                                                                                                          SHA256

                                                                                                          4241cc5702839a20b1816a22c76a139249595a85b72067f02d9b5930086dd6be

                                                                                                          SHA512

                                                                                                          eb0fbd84189d12dc6fa73452c40f536b76359fa6e8dbb9d17969eab436801ee58f780a28d7a611cdef626c225873b32105f4b0ac199d28a396390cdc6cf222af

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          f9c57b922009dd4448ff07f1f48d07b3

                                                                                                          SHA1

                                                                                                          cc5d025d13aabf462ffcb7985fc45b36457c926b

                                                                                                          SHA256

                                                                                                          0daca2bc3d319867981c3ac9914418d11c4f169b631252b4e660040e2796adea

                                                                                                          SHA512

                                                                                                          3fd176bcfa6a7e17f4bba9ad7842bfdaace66b4e839327bff20a98de71a0eb3c5c009c0f255ea40b4b2e20f26833e9d855fa520c6651f83c950d9ff16c36447f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          7b9b98723e1dde8ec6e5e60d4305c7a8

                                                                                                          SHA1

                                                                                                          71ad77a4ea0251eb3b7007e211ce4be7b7dffd1c

                                                                                                          SHA256

                                                                                                          fb8bc9431d12547a45ab5a75212425a73472a9a18937b54ddec275d0f6bda1f9

                                                                                                          SHA512

                                                                                                          4e58c57c9acccc42dc0a4ff288f69b3d06a034a2cdfae72189808ffdec1e99f8a8f863d4b5bafe89cfb695551d91cb2606db78e0ade74c6972dc776cf7238439

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          721e9c772637efe399d348251f8dd808

                                                                                                          SHA1

                                                                                                          60d9f20f710c13be30d47a8a809fb019a770cc95

                                                                                                          SHA256

                                                                                                          58951da2f6eca1c154475fb0f7ef2db10d0fb49ea42c4a43dd66e5e77a69a77d

                                                                                                          SHA512

                                                                                                          8c5e9ee828f27c2c9554b1453f4d7f522fc8c192f182ec4fa25665a2192292a80a39dedb01b6886e1442f4ba8b0c20233ccd9e26b0bddd07d9dec38aa382af80

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          591819c4c3dfa8cd9c2e5a8f49c89459

                                                                                                          SHA1

                                                                                                          957c6d79b937209bd4ad2d14e7d380e465c71cdc

                                                                                                          SHA256

                                                                                                          e543fa78c23326c250af42589905e0a7ed9e710698f645250bdfab7046720a44

                                                                                                          SHA512

                                                                                                          9badcd912434a6bc0ea5d7d76ac8d545a57002cf91cc6390722e40e095d38b82ab8ebb9d25bdea2e037ae32a9612ebfbe2555ebe9ea4021dab8ac966630f3a55

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          c38ef1c7232df584b9a59388a93a5ad2

                                                                                                          SHA1

                                                                                                          daebe017b5a713d3592fcb496bed4191a5039097

                                                                                                          SHA256

                                                                                                          d846857461b895e4b22e5d1f2540116a093ee70279728333998ae868270eec0a

                                                                                                          SHA512

                                                                                                          7d877a3842bd47c7f4628e389765d578c3e0b610da0b2eac6534fc5b7dbf7f25d75ae57efd82684e141499d6e3d6ace0700f2cf16549ea8e625612b8284f1a0b

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          5c6fb61d6a301327b4caf6ad591c1710

                                                                                                          SHA1

                                                                                                          3615d80a1bd327dbff1da11089eba432c3257330

                                                                                                          SHA256

                                                                                                          9130ea16aae12d9bf293e73d84d6365dc65322c08aaaa965d25e8094fe52ee03

                                                                                                          SHA512

                                                                                                          77083fb2e6c1c37be865fa3e74d360603c8467b873e7a823acd42c2726b9cbd335d63142d84b22a42064a3e4d17616e3c7cc36a4655975bc25fac230c46aa42a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          df6111fc0783dd53d72569448a1fce6c

                                                                                                          SHA1

                                                                                                          819a4b67bb255ff3d7964572d61d8cd583b776ff

                                                                                                          SHA256

                                                                                                          576362704b8ac38741d1e23e53a3c5274f1f63bedecaf6a51f30112efa342bf8

                                                                                                          SHA512

                                                                                                          fb4c37927bc0677b2292acbbfdb1143b265e1e57bf11b0fa042051aa90a62e61610e704c619f51a5e67534b1bb0d4e01fd604f685cd2a57d2bbc8b5617389578

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          460c54c2dd88f53f81484aedb5ee1bfa

                                                                                                          SHA1

                                                                                                          7161ad36ed7c02028e035663d0825443fbd38d26

                                                                                                          SHA256

                                                                                                          1f1fbe796a50d04ca0a4360fd7a65d5940d4e8fbb88545ab9690a14c115c04d8

                                                                                                          SHA512

                                                                                                          6cd4e1dbe7bfc0003e65eacf38f046f0cd55c034476edd3d8a07c23cec5a6ae157f8b0239a7257e42fe57e9e1b9df7c8e23ac6338cc7c77bb252a4a4ff2f38c0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          2c1fd0f61f0dfbac23c2bed452784f31

                                                                                                          SHA1

                                                                                                          a2daaad514b4103a520417184dd605798c446afe

                                                                                                          SHA256

                                                                                                          ac7be6d00385fcd0735516a84334ab06035840f6b2f09da5867d5eedc21a9281

                                                                                                          SHA512

                                                                                                          e2f7a9cad07110c4d785a4d99316b96b466f61acbfb27778a51b500216c6c145969bb70cf4138cff452efca40f03ae5a94e8286c66e6f346258a9fa9377a9bfd

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          6KB

                                                                                                          MD5

                                                                                                          ee731c64f480454923b28f4f3ed3e29a

                                                                                                          SHA1

                                                                                                          013650681aca3c709b5a50d097af9e5a94fffa0d

                                                                                                          SHA256

                                                                                                          6c5be437357fa7b5b265792dfbd73990d8335b1a8a6a7a5afb46d7143ce3fad0

                                                                                                          SHA512

                                                                                                          b22250e017c52bcfe69e9913b9493a38c8d104264646470a7d35af7b3c6b81762f48c9b6b2f79d2033bf1f6bdb631bcb15592511707cc8f01ea9ca4344476c1e

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          bc54e99ee3a0cd7dba67e9e9cc78ce17

                                                                                                          SHA1

                                                                                                          d2229f6e05ac50e829db5f43d1e843ca6d6067cb

                                                                                                          SHA256

                                                                                                          5fdf53817d7961cff084a6eb5344f7e62c1609abcfc18395493fe7bb0750407f

                                                                                                          SHA512

                                                                                                          8f9121f27bb13c79d2c290a2f7339c8fcc3ee47becf3295de0679be9798059e328c5e5fc2e8e1e5ea072116482cc76988185f95551825502d38d062d7ee3cbb9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          91df47871f3b6b6a0df054fcd3f0ab77

                                                                                                          SHA1

                                                                                                          df870afba00208f52ccbf2fbd36ee85575204764

                                                                                                          SHA256

                                                                                                          30148fee6ca4932d71af47ec00f586fc9ad04915beef4742d39e3234f6d52435

                                                                                                          SHA512

                                                                                                          5d6e97664c1d341aef85f435e8ebdb753bf99bc8077786a7666755c51ad7f246367bb40cd619412e519ca18b1896d7c34a54124dccc7e0393b0c4eccb42d5533

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          c2fe422efcfa203e0d9384bc634c3550

                                                                                                          SHA1

                                                                                                          08ef2a4f131b74ecde7e24c91d6965f3cc5901e0

                                                                                                          SHA256

                                                                                                          fb3ec6fa4505c4ed308280bfc8db8a0f2e6b9573dc3ad7bea4b2da307195005a

                                                                                                          SHA512

                                                                                                          58daada60137588337c6e2f028bade27d54932370b03392aac4d2811951df603d1f18f4ade62b910e695832cbec018f079db1e58ba0852aed589e46daf2b58b5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          eba2d05047cf3da2fb9a122e80651422

                                                                                                          SHA1

                                                                                                          8e4e3c45d428646f9c4ff0360e5328547b0601d2

                                                                                                          SHA256

                                                                                                          b977f42d36aed403300bec5948c7bc4b1993735c094cbafd18c981b2006e3de3

                                                                                                          SHA512

                                                                                                          fcab1f9a2c1acdf0c83dde97bcb44f2d4c84bde83940a5116202bf8bc6b1f169bbdd0a6c6953c193c832ff42753a36b59656caa319ec38ba11c8420ba9385203

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          873B

                                                                                                          MD5

                                                                                                          1f03863e601fd94261a8c5e0176f30e9

                                                                                                          SHA1

                                                                                                          573e8985d647fa103a586194837f8eadfe34f614

                                                                                                          SHA256

                                                                                                          f9796eed7959f4b449595435821bf5582e84e0ecc927ceed7d46749f5be6343b

                                                                                                          SHA512

                                                                                                          29d86a34064cab28835a0094619a69d9676e87f5bec039c0f68229f2e6abe4fd37511b9fb02cf8be3b639dd44979b76e4e4e065d9dca0ff7ef4ee98092932423

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          873B

                                                                                                          MD5

                                                                                                          a2e49ffb7e8cbc8d9e0d81cefd342423

                                                                                                          SHA1

                                                                                                          bcb076d1f7599eb7ab498cc09f3451e5ca775b79

                                                                                                          SHA256

                                                                                                          ae396ab5931911642d524bd18bacfb2f9369a2094a10d93248f85edfe9d649fc

                                                                                                          SHA512

                                                                                                          6bd2d2fd9e3db30e6bf8f99ba1d29734ca9ac679f395f7c6b0089c3d55c71a03fc8762bef92d214d2608d917da588c7daa701dfdb48af9e5c9ed8605e42c30c5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          6db9feb14da21d2eb3af61d07450ccab

                                                                                                          SHA1

                                                                                                          3bd25f756c0a7d91aa9198bbd5435c5431b5c05b

                                                                                                          SHA256

                                                                                                          9c47546a5b0c162b7c62dd3af14dcfd1c3c077d6c4b55f33ea60d167725eeb66

                                                                                                          SHA512

                                                                                                          8de6081e0df8a4e37776d5650be8457e1eca1fc50242d1698917616a7a0db78784dac8af5ad7c0c04f1d5d434f4d03dba7713db27fc82ba2f1bf11b4b7dea517

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          06e81fa9f236f00a55db8a25b0a7cc7d

                                                                                                          SHA1

                                                                                                          24385c71e9f78d7f47de477f6345a6f549bb5ca3

                                                                                                          SHA256

                                                                                                          33638044b4d9606a56499f5cf5f24651c1f45f9fce594437792a8db3d93f4ab0

                                                                                                          SHA512

                                                                                                          13c591c414843ef3dee37ad66de9a23d994096e47e4bff3ee0e3d96ed5728e58f552cc89cbcf368c83bb7489aa5f16dd81439f37b6b054bef39beebc50b44eba

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          6405f510f8fa5618d45d695f0c682ce1

                                                                                                          SHA1

                                                                                                          a3e07f09db9087a6c4a769b7a0307b7ce66535e2

                                                                                                          SHA256

                                                                                                          97223b6b8e3cb6b4ffb03f4454fab8ce36b11d58e46e3304d8d4a78aeed90510

                                                                                                          SHA512

                                                                                                          7dd7f04cd48dc933e47a4578f9be545db504fb1c15b31804d5f6fc1287e6afb2c65c3872ea5ef01fce6a780846d3de4ef61b63e6dff79e6a0a7809a04eed0c8f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          103c45b8940abc988bf6922ba89e130b

                                                                                                          SHA1

                                                                                                          57bb69bac04a419282f7be365050917e0b262b54

                                                                                                          SHA256

                                                                                                          ec7bf3c6455b0c5c2f71fdb1a955363c521172f37408e8d630182193b65ba6a9

                                                                                                          SHA512

                                                                                                          4b0ce25937fab654b7d79f0745f903b05ad8487d31216ece2de0a64f9cef46a663e6dab668097df1078471300209b3493d99e1d92b237e727b138be52ec17ee4

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          961597bae9159a2ce39dcaf955e238e0

                                                                                                          SHA1

                                                                                                          92e80e190290b2b44621c788970cadc19e98d2e9

                                                                                                          SHA256

                                                                                                          4accdd646c3d6345f39ed7953d40f71dcb7f54bb1a65323658cff15d714a3adc

                                                                                                          SHA512

                                                                                                          a94ca5456f682d06bb6ea3825192fc0444da87364a87e4299fbe252fe96555d0e5311b0636cb3c17940fd5e8d34602f4c8c6264012ddc8f4e6bfdf18465c42eb

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          203B

                                                                                                          MD5

                                                                                                          69edc97d70fe92c4814f7fed3dbc2f31

                                                                                                          SHA1

                                                                                                          f6e30cd513775ce3b6a5883cc53fc5fb39a6134d

                                                                                                          SHA256

                                                                                                          8c33fcbc8b20ff25cef49d1a331f120c9a26ff1ad74a070daa98feb6afa9ad43

                                                                                                          SHA512

                                                                                                          9bf5ccd3aa7b997ec0fb2cefd157964cf5b9e559881a59265f046f7bb713c875d496428c5241acf963c8d45cce9f303182323379236b6c6fa690682f2e924643

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                          Filesize

                                                                                                          1KB

                                                                                                          MD5

                                                                                                          f716746ee876624fda48baefd371c830

                                                                                                          SHA1

                                                                                                          1690e57eacba8889ef666db74e0925a197262bd0

                                                                                                          SHA256

                                                                                                          c6d36c8bbb7c2b3f6756828af23da678ab8e730dc251e5d1922c1f03c2950efa

                                                                                                          SHA512

                                                                                                          ee469445829f1b494819269c4eaacf84336d20fff690e9e5f50972b25ab5ceec127dcd87b85a8654fa8fa1ad9bfa3f733b89078792c11ead544d623b4e188d93

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b4a63.TMP
                                                                                                          Filesize

                                                                                                          203B

                                                                                                          MD5

                                                                                                          8c074c2fc96857e9bb9349b0c2d508b8

                                                                                                          SHA1

                                                                                                          6677dac41b97a3ab4fd194bc26e9ff6920d15d1c

                                                                                                          SHA256

                                                                                                          f33762806ac767d90217cf8863fa3c3dd96f5451a81493a0e35c7a3d3a2cc978

                                                                                                          SHA512

                                                                                                          f69a906be14dd87dd2f56e5902d1b9f72f4262ab4aaac7a894bec5bf468c0a3a8a8fe765a522c859679614a44504d97bedb264bb327db735af3e45434ad0c1a0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                          Filesize

                                                                                                          16B

                                                                                                          MD5

                                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                                          SHA1

                                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                          SHA256

                                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                          SHA512

                                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          7e184a70d277d5c399cf92da874cfabb

                                                                                                          SHA1

                                                                                                          c5523865e73b50571e8b9d97bd23acbd26a0456e

                                                                                                          SHA256

                                                                                                          641c0e85614edbdcc71733179506c2cea93a5b43bb498579d0189b425128b59d

                                                                                                          SHA512

                                                                                                          bc2bbcab319874449a8af3029289481c7419a45829aa868d302e5e9c81b4c2d5593365048d7e5619cbe19e51ad654a3bfc0a539ecce0da845f93e300307fe8f0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          b6189a030f1185d360c79b5c8516231e

                                                                                                          SHA1

                                                                                                          dc54cf010de2277ff94e4177b12b919e3af6a3b9

                                                                                                          SHA256

                                                                                                          ebb64438b022cada760cf773fda0900282d528fb5b62ad115aa2c16d1254c562

                                                                                                          SHA512

                                                                                                          e8e02f42a12f67c9111ba15b46f5ae830402ea9dcf406b2ad53945ec05734539c920c92cda0de0a4ad05f430b0ffd64fbc2092543bcaf7c84377df0b05b673cd

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          10c17d1d42e69a3db6ed49284f57ba85

                                                                                                          SHA1

                                                                                                          9f0abd62b875c6dbab2e0768e2969bb1ee8731dd

                                                                                                          SHA256

                                                                                                          7a912d5de1c6052bebd93b7b7334de4588082813be2b1265b6d36866388cbd4c

                                                                                                          SHA512

                                                                                                          2cee4e2c022b18e6c8bc4f07f27dffe5bf543c669b0baa964abe1ef14fac4a19ad7dbe3c175daeb94a130b8801662dfb8e2d35860e01b9f70f6e35f40add90e9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                          Filesize

                                                                                                          12KB

                                                                                                          MD5

                                                                                                          49d44c8293e622d4c0495243a53f33f6

                                                                                                          SHA1

                                                                                                          e80f4ebcfaddf5b866467537d49e49e5c60169d3

                                                                                                          SHA256

                                                                                                          fa031f14255d46d0cdb5ebd87494b83952fc592bf3850af42dad0e4b82b98bdd

                                                                                                          SHA512

                                                                                                          452124a96fe8bad24d153063f9364aeec038eeb8bf71a2c5e8fe403dce0065fcec69042c1a957c4c0c783662fe85556bf6027aa746795b888af46b8b0cf92ac0

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{2F519BF2-C697-59F8-8F6A-1E19509CE66B}
                                                                                                          Filesize

                                                                                                          36KB

                                                                                                          MD5

                                                                                                          8aaad0f4eb7d3c65f81c6e6b496ba889

                                                                                                          SHA1

                                                                                                          231237a501b9433c292991e4ec200b25c1589050

                                                                                                          SHA256

                                                                                                          813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

                                                                                                          SHA512

                                                                                                          1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_ControlPanel
                                                                                                          Filesize

                                                                                                          36KB

                                                                                                          MD5

                                                                                                          fb5f8866e1f4c9c1c7f4d377934ff4b2

                                                                                                          SHA1

                                                                                                          d0a329e387fb7bcba205364938417a67dbb4118a

                                                                                                          SHA256

                                                                                                          1649ec9493be27f76ae7304927d383f8a53dd3e41ea1678bacaff33120ea4170

                                                                                                          SHA512

                                                                                                          0fbe2843dfeab7373cde0643b20c073fdc2fcbefc5ae581fd1656c253dfa94e8bba4d348e95cc40d1e872456ecca894b462860aeac8b92cedb11a7cad634798c

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d62a9a4-0ab8-4d21-a251-40feb08a4dc9}\0.0.filtertrie.intermediate.txt
                                                                                                          Filesize

                                                                                                          28KB

                                                                                                          MD5

                                                                                                          bb7640183196f554caf076ff2ca0e12c

                                                                                                          SHA1

                                                                                                          ccc92a16fda19e15631083fd81b02f0ea6e732ed

                                                                                                          SHA256

                                                                                                          80b1c12d18e49cf0ebfa4b380028b6f9e1791f4800a6bfb657e140714c3e8f3d

                                                                                                          SHA512

                                                                                                          1e2ab4baac6458e7149f6bc8a1a649a1e8d7edf41309e0b1a8cbc8f2b392cc8e3ab8dc77de98763ab3879c86dbe6a6207dabf3284c1b7799428a10d2fae612a1

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d62a9a4-0ab8-4d21-a251-40feb08a4dc9}\0.1.filtertrie.intermediate.txt
                                                                                                          Filesize

                                                                                                          5B

                                                                                                          MD5

                                                                                                          34bd1dfb9f72cf4f86e6df6da0a9e49a

                                                                                                          SHA1

                                                                                                          5f96d66f33c81c0b10df2128d3860e3cb7e89563

                                                                                                          SHA256

                                                                                                          8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                                                                                                          SHA512

                                                                                                          e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d62a9a4-0ab8-4d21-a251-40feb08a4dc9}\0.2.filtertrie.intermediate.txt
                                                                                                          Filesize

                                                                                                          5B

                                                                                                          MD5

                                                                                                          c204e9faaf8565ad333828beff2d786e

                                                                                                          SHA1

                                                                                                          7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                                                                                                          SHA256

                                                                                                          d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                                                                                                          SHA512

                                                                                                          e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d62a9a4-0ab8-4d21-a251-40feb08a4dc9}\Apps.ft
                                                                                                          Filesize

                                                                                                          38KB

                                                                                                          MD5

                                                                                                          a2bdb51b1b1ea8360bc64530ab16d7cc

                                                                                                          SHA1

                                                                                                          95b7724c7506e17a6cfb38a29d5cac95f0ae14e6

                                                                                                          SHA256

                                                                                                          59d9a0ad8f3a55b1f83aea35ee590e2ef70f06939eb7beb8f77af9c40ce2ca84

                                                                                                          SHA512

                                                                                                          dee7aacd0e11d2595d7bc32dcb21fe78afd8f2f3f88f6a5142f14e22de60c1117906b72d6ace9bad8ccb035575b9ff3136a5a8729919a8cee13142c40559e5ba

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{7d62a9a4-0ab8-4d21-a251-40feb08a4dc9}\Apps.index
                                                                                                          Filesize

                                                                                                          1.0MB

                                                                                                          MD5

                                                                                                          bfcaa14dffd4f012957064bc236f3164

                                                                                                          SHA1

                                                                                                          569e9c9102f03ca1ea83f7f4ae479f8e3a116ec8

                                                                                                          SHA256

                                                                                                          d9325550e42b994a9eafa97df42e55a6dde97e393ba1d7734d02e42d7b4aeb08

                                                                                                          SHA512

                                                                                                          d0dc537859cef13e9ed1932403fa98973cd81345be999cb7fb006e7a1c39aa31edd98b3069813cedea541a554c9f127192aef152563b8f3548f32bd967d50ec2

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133554448498485405.txt
                                                                                                          Filesize

                                                                                                          74KB

                                                                                                          MD5

                                                                                                          80dffedad36ef4c303579f8c9be9dbd7

                                                                                                          SHA1

                                                                                                          792ca2a83d616ca82d973ece361ed9e95c95a0d8

                                                                                                          SHA256

                                                                                                          590ca4d2f62a7864a62ccb1075c55191f7f9d5c5304ea3446961bb50f9e3916e

                                                                                                          SHA512

                                                                                                          826b97a4de7c765f8f5ebc520960f68381fd9f4bfe68c2fbe46c6118110c9c14a87dcb8ed8102e60a954b4b3c408f72e7a93fd96317be3d51120a2ddd2faa3ea

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133554449558092824.txt
                                                                                                          Filesize

                                                                                                          74KB

                                                                                                          MD5

                                                                                                          f687e59b0249a34bf4ba6888960e7dac

                                                                                                          SHA1

                                                                                                          060ea31fbbaeab6a135ea64f5888888ae978a2ac

                                                                                                          SHA256

                                                                                                          de45af5eb6672ef2fdb05c1e8cc5f640f31d6bf0f603b115a9a2b45d636d4a15

                                                                                                          SHA512

                                                                                                          201f20fb5cdbe5addf1874ba2989483a7baff18aad925effc82bb1c2767fb4696a791298f4ab2a35965f635b179f64feaf73ddd31beb8ef16bf0e4276e9d6674

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
                                                                                                          Filesize

                                                                                                          186KB

                                                                                                          MD5

                                                                                                          437a496d4de0199801d042cda9606aee

                                                                                                          SHA1

                                                                                                          e4e10547e432e1771c36ac96132f39de5649bd6c

                                                                                                          SHA256

                                                                                                          d9060a2ae86121ee84962c71055bf4d0dfa5b9fc241df4d76ffaf650477d6e59

                                                                                                          SHA512

                                                                                                          f31c79f02a9051a7c530b3f10d2ec1c4b727e54d5916da9563b911f31216a0b9df2aee91b412a8ef162bcac1ad0c2146e9dc878e67a79c4707a1e231fbaf14ae

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json.~tmp
                                                                                                          Filesize

                                                                                                          175KB

                                                                                                          MD5

                                                                                                          10759ef54eae69df7062e89f2c86aeba

                                                                                                          SHA1

                                                                                                          a7a28e93a36cca365ac34abcad9cbfe050b5e877

                                                                                                          SHA256

                                                                                                          b8780ab9365f9947cda4f28571aea103c339d7917ba6b9e7a2d88f21c8d9eaba

                                                                                                          SHA512

                                                                                                          c07106024f722ae2d5dc2e534bae6ff44afe243b8ea04bfc9a7c2eae3621ea5ccf329cf23edc3f44434281d40cfb5996992da0e3f6251a0a71137bd08dda13cb

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\Q5ROSPP2\microsoft.windows[1].xml
                                                                                                          Filesize

                                                                                                          97B

                                                                                                          MD5

                                                                                                          bdb8a591dda2dd9c96d20d4b44a5d041

                                                                                                          SHA1

                                                                                                          9e75f7deb9825c0cda7e25f66f0221f5c74c8d72

                                                                                                          SHA256

                                                                                                          7fcf82e6510873bad2d4687d21bc368fdc7e8576a8d54fc94284e1dbedda172f

                                                                                                          SHA512

                                                                                                          79166507556413e667d3bc7d5f24f1d87aed86d7b03e04b5591343cf307468b7b0446adfdf0452edbd657e97e840fa446314be0250d2b2966bff67d1261db439

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
                                                                                                          Filesize

                                                                                                          933B

                                                                                                          MD5

                                                                                                          7a2726bb6e6a79fb1d092b7f2b688af0

                                                                                                          SHA1

                                                                                                          b3effadce8b76aee8cd6ce2eccbb8701797468a2

                                                                                                          SHA256

                                                                                                          840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

                                                                                                          SHA512

                                                                                                          4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\@[email protected]
                                                                                                          Filesize

                                                                                                          240KB

                                                                                                          MD5

                                                                                                          7bf2b57f2a205768755c07f238fb32cc

                                                                                                          SHA1

                                                                                                          45356a9dd616ed7161a3b9192e2f318d0ab5ad10

                                                                                                          SHA256

                                                                                                          b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

                                                                                                          SHA512

                                                                                                          91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]
                                                                                                          Filesize

                                                                                                          3.4MB

                                                                                                          MD5

                                                                                                          84c82835a5d21bbcf75a61706d8ab549

                                                                                                          SHA1

                                                                                                          5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

                                                                                                          SHA256

                                                                                                          ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

                                                                                                          SHA512

                                                                                                          90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]
                                                                                                          Filesize

                                                                                                          512KB

                                                                                                          MD5

                                                                                                          1b783fe733e7fa7882b069d80275e76c

                                                                                                          SHA1

                                                                                                          061ff3b8e6a5564b7523914f79debdb1a28ec89a

                                                                                                          SHA256

                                                                                                          e30cd8abff0d848018e7566801aa945e8865458369d5cbb2f5214ba9529d95a4

                                                                                                          SHA512

                                                                                                          4302e9722f1e079c7c90d6abe8066a094b36bb7b1dc69c4bf1270361f1a41e82ef7dfeb02de75786fe93a5ff3450ca1ccb6cc95b91cba4954d2279f6930ac49a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\[email protected]
                                                                                                          Filesize

                                                                                                          163KB

                                                                                                          MD5

                                                                                                          cae55d629447b50a59d8651724f05072

                                                                                                          SHA1

                                                                                                          d71a949ca0b1065151447a268999478e65e5c6c0

                                                                                                          SHA256

                                                                                                          7e458c788bec34a561f116daf329bd4747e17fe3dfa8876cf14d7c97edfe308f

                                                                                                          SHA512

                                                                                                          86c9ae9bdb02a800094554c92ff7dbac91c3c5300ccb1ed13f33abe062cf4ec1554a3735ef42df5b1964efa78611a2202f250c6604c6b77f5665f71980b5a10d

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\TaskData\Tor\tor.exe
                                                                                                          Filesize

                                                                                                          3.0MB

                                                                                                          MD5

                                                                                                          fe7eb54691ad6e6af77f8a9a0b6de26d

                                                                                                          SHA1

                                                                                                          53912d33bec3375153b7e4e68b78d66dab62671a

                                                                                                          SHA256

                                                                                                          e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

                                                                                                          SHA512

                                                                                                          8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\b.wnry
                                                                                                          Filesize

                                                                                                          1.4MB

                                                                                                          MD5

                                                                                                          c17170262312f3be7027bc2ca825bf0c

                                                                                                          SHA1

                                                                                                          f19eceda82973239a1fdc5826bce7691e5dcb4fb

                                                                                                          SHA256

                                                                                                          d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

                                                                                                          SHA512

                                                                                                          c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\c.wnry
                                                                                                          Filesize

                                                                                                          780B

                                                                                                          MD5

                                                                                                          8124a611153cd3aceb85a7ac58eaa25d

                                                                                                          SHA1

                                                                                                          c1d5cd8774261d810dca9b6a8e478d01cd4995d6

                                                                                                          SHA256

                                                                                                          0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

                                                                                                          SHA512

                                                                                                          b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_bulgarian.wnry
                                                                                                          Filesize

                                                                                                          46KB

                                                                                                          MD5

                                                                                                          95673b0f968c0f55b32204361940d184

                                                                                                          SHA1

                                                                                                          81e427d15a1a826b93e91c3d2fa65221c8ca9cff

                                                                                                          SHA256

                                                                                                          40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

                                                                                                          SHA512

                                                                                                          7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Local\Temp\Temp1_WannaCrypt0r.zip\msg\m_finnish.wnry
                                                                                                          Filesize

                                                                                                          37KB

                                                                                                          MD5

                                                                                                          35c2f97eea8819b1caebd23fee732d8f

                                                                                                          SHA1

                                                                                                          e354d1cc43d6a39d9732adea5d3b0f57284255d2

                                                                                                          SHA256

                                                                                                          1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

                                                                                                          SHA512

                                                                                                          908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                                          Filesize

                                                                                                          7KB

                                                                                                          MD5

                                                                                                          f89c9eaa02a987a6f02b0836b4df8b74

                                                                                                          SHA1

                                                                                                          edff2dc84cc790446b1e007c710c92e75d772d80

                                                                                                          SHA256

                                                                                                          c240f39bec07da435e07af429a3e5bd3bdc3e19bd8ae7cc863b0df597bc875c4

                                                                                                          SHA512

                                                                                                          a7926780a8c82f79a54e7bcc13b4b417dc695f6e140341da904651bd58839ecfa4e5e89c8e0c94b52d0344241413c759c6cfe426b0d9bd9a72c9735c0435697f

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                          Filesize

                                                                                                          11KB

                                                                                                          MD5

                                                                                                          67066d44f052f4fffec3022a81523088

                                                                                                          SHA1

                                                                                                          31c91bf11f30c772c1e2bb639cb03a168b393fa3

                                                                                                          SHA256

                                                                                                          14f81bda30fc3d25e0b120e87663fc667d7e01f024a2711b67bf409eacaacc5f

                                                                                                          SHA512

                                                                                                          135840fca24cb92d602e20b444843c9b7a6338efe63ef93a89823201f80987a461222c6b49620506b9387744d22e946e1c1e84f3cb7c450b1cca1680cd7d9ab5

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
                                                                                                          Filesize

                                                                                                          81KB

                                                                                                          MD5

                                                                                                          205a9681209bd58cd433bcbb8faf96df

                                                                                                          SHA1

                                                                                                          792213c4a115cdb4e8a8cdfbf8d01cd61fc7c11b

                                                                                                          SHA256

                                                                                                          bcf48a3f1935662314756ca6b07083b14bde67bc3fce05406e65fe2fbd26aa6a

                                                                                                          SHA512

                                                                                                          caa62868935766c6ae3291c09fed22e9e65f3b4e3f8de9c3108b6c3ac506758754fa8941356e41d7c4201735778f5bc8b704b01f32958a19af72ed8a3c4e9c7a

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
                                                                                                          Filesize

                                                                                                          45KB

                                                                                                          MD5

                                                                                                          b019d0ac7ca5013efbc9714eba41bd18

                                                                                                          SHA1

                                                                                                          5c91cb8314319dc24b667be28793ff017ca3d155

                                                                                                          SHA256

                                                                                                          e4e9895d943bdb73b7a3831a01780d2e910cfc4bbe578745644793eb907d7484

                                                                                                          SHA512

                                                                                                          f834673282dc2023cee6f3fd3424d68ac65cc0ed61e5ef65c1c7b5a805443b08c476e2aeec8a1b4a950f0ea8cf87b14d82403524595fed21829f270d908adf11

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 148005.crdownload
                                                                                                          Filesize

                                                                                                          384KB

                                                                                                          MD5

                                                                                                          1dd7097f37140fe343d195f981dbc830

                                                                                                          SHA1

                                                                                                          27b264103b67472158e6ffa4b0eb3264e5ccbadf

                                                                                                          SHA256

                                                                                                          c4a9d5d0a83c9067a6d6feb5d8b6d47ce28189f9f9ce435da190bba23ad1b7b4

                                                                                                          SHA512

                                                                                                          63b10d23b2b81144aaa73998298217fd309255499746e251d9cdd88a3c16df03fa4d36bc313bb4c57934a5a30768d6262d1d25772a44eb8ac34f566082a9b897

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 902543.crdownload
                                                                                                          Filesize

                                                                                                          2.3MB

                                                                                                          MD5

                                                                                                          5641d280a62b66943bf2d05a72a972c7

                                                                                                          SHA1

                                                                                                          c857f1162c316a25eeff6116e249a97b59538585

                                                                                                          SHA256

                                                                                                          ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488

                                                                                                          SHA512

                                                                                                          0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752

                                                                                                          Download Submit

                                                                                                        • C:\Users\Admin\Downloads\WannaCrypt0r.zip
                                                                                                          Filesize

                                                                                                          1.6MB

                                                                                                          MD5

                                                                                                          7f2ed2f9e8d7385d760575e08643b36a

                                                                                                          SHA1

                                                                                                          c532b6353550bbb4bac7fe73084f09c635dce237

                                                                                                          SHA256

                                                                                                          a97a8dda768549c8be2106aafa7f41409a2abb8220aefe6295212af9652d6667

                                                                                                          SHA512

                                                                                                          c0fd228e5084523620522edb6a5a6805828e49159df6f912232141f31bc9e73b441c26c1035b4234231a2922b3643a15346d6722f84f2e7871323cc7e1faa8f9

                                                                                                          Download Submit

                                                                                                        • \??\pipe\LOCAL\crashpad_3280_WROHYIVFBMWEEOPV
                                                                                                          MD5

                                                                                                          d41d8cd98f00b204e9800998ecf8427e

                                                                                                          SHA1

                                                                                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                          SHA256

                                                                                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                          SHA512

                                                                                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                          Download Submit

                                                                                                        • memory/716-464-0x00000000043D0000-0x00000000043D1000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/828-1310-0x000001F536FD0000-0x000001F536FF0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/828-1312-0x000001F5375E0000-0x000001F537600000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/828-1308-0x000001F537220000-0x000001F537240000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/972-881-0x00000218F54E0000-0x00000218F5500000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/972-860-0x00000218F4EC0000-0x00000218F4EE0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/972-858-0x00000218F4F00000-0x00000218F4F20000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/1468-1107-0x000002C4D02B0000-0x000002C4D02D0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/1468-1105-0x000002C4D02F0000-0x000002C4D0310000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/1468-1109-0x000002C4D08E0000-0x000002C4D0900000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/1540-1241-0x0000026030720000-0x0000026030740000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/1540-1235-0x0000026030360000-0x0000026030380000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/1540-1237-0x0000026030320000-0x0000026030340000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2012-1334-0x000001B85A490000-0x000001B85A4B0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2012-1336-0x000001B85A450000-0x000001B85A470000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2012-1339-0x000001B85AAA0000-0x000001B85AAC0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/2336-3391-0x0000000073330000-0x0000000073352000-memory.dmp

                                                                                                          Filesize

                                                                                                          136KB

                                                                                                          Download

                                                                                                        • memory/2336-3388-0x00000000736C0000-0x0000000073742000-memory.dmp

                                                                                                          Filesize

                                                                                                          520KB

                                                                                                          Download

                                                                                                        • memory/2336-3389-0x0000000073400000-0x000000007361C000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.1MB

                                                                                                          Download

                                                                                                        • memory/2336-3390-0x0000000073370000-0x00000000733F2000-memory.dmp

                                                                                                          Filesize

                                                                                                          520KB

                                                                                                          Download

                                                                                                        • memory/2336-3392-0x0000000000B40000-0x0000000000E3E000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.0MB

                                                                                                          Download

                                                                                                        • memory/3828-1277-0x000002B6789D0000-0x000002B6789F0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3828-1274-0x000002B678A10000-0x000002B678A30000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3828-1280-0x000002BE7A090000-0x000002BE7A0B0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3868-476-0x00000261FB800000-0x00000261FB820000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3868-480-0x00000261FBDE0000-0x00000261FBE00000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3868-478-0x00000261FB7C0000-0x00000261FB7E0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3936-938-0x0000013C5DBF0000-0x0000013C5DC10000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3936-936-0x0000013C5D750000-0x0000013C5D770000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/3936-933-0x0000013C5D7B0000-0x0000013C5D7D0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/4256-3340-0x0000000073400000-0x000000007361C000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.1MB

                                                                                                          Download

                                                                                                        • memory/4256-3354-0x00000000736C0000-0x0000000073742000-memory.dmp

                                                                                                          Filesize

                                                                                                          520KB

                                                                                                          Download

                                                                                                        • memory/4256-3367-0x0000000000B40000-0x0000000000E3E000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.0MB

                                                                                                          Download

                                                                                                        • memory/4256-3364-0x0000000073400000-0x000000007361C000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.1MB

                                                                                                          Download

                                                                                                        • memory/4256-3360-0x0000000000B40000-0x0000000000E3E000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.0MB

                                                                                                          Download

                                                                                                        • memory/4256-3359-0x0000000073330000-0x0000000073352000-memory.dmp

                                                                                                          Filesize

                                                                                                          136KB

                                                                                                          Download

                                                                                                        • memory/4256-3358-0x0000000073370000-0x00000000733F2000-memory.dmp

                                                                                                          Filesize

                                                                                                          520KB

                                                                                                          Download

                                                                                                        • memory/4256-3357-0x0000000073400000-0x000000007361C000-memory.dmp

                                                                                                          Filesize

                                                                                                          2.1MB

                                                                                                          Download

                                                                                                        • memory/4256-3339-0x00000000736C0000-0x0000000073742000-memory.dmp

                                                                                                          Filesize

                                                                                                          520KB

                                                                                                          Download

                                                                                                        • memory/4256-3356-0x0000000073620000-0x0000000073697000-memory.dmp

                                                                                                          Filesize

                                                                                                          476KB

                                                                                                          Download

                                                                                                        • memory/4256-3341-0x0000000073370000-0x00000000733F2000-memory.dmp

                                                                                                          Filesize

                                                                                                          520KB

                                                                                                          Download

                                                                                                        • memory/4256-3342-0x0000000073330000-0x0000000073352000-memory.dmp

                                                                                                          Filesize

                                                                                                          136KB

                                                                                                          Download

                                                                                                        • memory/4256-3343-0x0000000000B40000-0x0000000000E3E000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.0MB

                                                                                                          Download

                                                                                                        • memory/4256-3355-0x00000000736A0000-0x00000000736BC000-memory.dmp

                                                                                                          Filesize

                                                                                                          112KB

                                                                                                          Download

                                                                                                        • memory/4256-3353-0x0000000000B40000-0x0000000000E3E000-memory.dmp

                                                                                                          Filesize

                                                                                                          3.0MB

                                                                                                          Download

                                                                                                        • memory/5208-1202-0x000001E987400000-0x000001E987420000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5208-1205-0x000001E9873C0000-0x000001E9873E0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5208-1207-0x000001E987800000-0x000001E987820000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5520-1172-0x000001AEE07A0000-0x000001AEE07C0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5520-1177-0x000001AEE0B70000-0x000001AEE0B90000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5520-1175-0x000001AEE0760000-0x000001AEE0780000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5592-1165-0x0000000004910000-0x0000000004911000-memory.dmp

                                                                                                          Filesize

                                                                                                          4KB

                                                                                                          Download

                                                                                                        • memory/5724-1059-0x00000188B3480000-0x00000188B34A0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5724-1054-0x00000180B1EA0000-0x00000180B1EC0000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5724-1057-0x00000180B1E60000-0x00000180B1E80000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/5900-1741-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                          Filesize

                                                                                                          64KB

                                                                                                          Download

                                                                                                        • memory/6100-801-0x0000012118920000-0x0000012118940000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/6100-803-0x0000012118D30000-0x0000012118D50000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download

                                                                                                        • memory/6100-798-0x0000012118960000-0x0000012118980000-memory.dmp

                                                                                                          Filesize

                                                                                                          128KB

                                                                                                          Download