hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry[.]exe

Resubmissions

19-04-2024 14:51

240419-r8efbsga3w 1

19-04-2024 14:41

240419-r2pygsfg7t 8

19-04-2024 14:19

240419-rm5qdsfd6s 8

19-04-2024 14:15

240419-rk2kysed83 10

Analysis

max time kernel
400s
max time network
517s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry.exe

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 16 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exePCToaster.exeNostart.exeNostart.exeWannaCry.exeWannaCry.exeWannaCry.exeNostart.exePCToaster.exePCToaster.exe

pid	process
4964	MEMZ.exe
4076	MEMZ.exe
5104	MEMZ.exe
2572	MEMZ.exe
228	MEMZ.exe
4852	MEMZ.exe
4908	MEMZ.exe
5020	PCToaster.exe
2716	Nostart.exe
4964	Nostart.exe
4576	WannaCry.exe
3664	WannaCry.exe
1444	WannaCry.exe
1744	Nostart.exe
2876	PCToaster.exe
548	PCToaster.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4916 icacls.exe

pid	process
4916	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

WannaCry.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

70 raw.githubusercontent.com
71 raw.githubusercontent.com
203 camo.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
70	raw.githubusercontent.com
71	raw.githubusercontent.com
203	camo.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4084619521-2220719027-1909462854-1000\{ECCAD708-9242-4B87-85C0-DCD962D81DD8}	msedge.exe

NTFS ADS 5 IoCs

Processes:

msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 147052.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 489351.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 668453.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 209059.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 886099.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1996	msedge.exe
1996	msedge.exe
4424	msedge.exe
4424	msedge.exe
4616	identity_helper.exe
4616	identity_helper.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
1240	msedge.exe
1240	msedge.exe
1192	msedge.exe
1192	msedge.exe
3568	msedge.exe
3568	msedge.exe
1216	msedge.exe
1216	msedge.exe
4184	msedge.exe
4184	msedge.exe
1112	msedge.exe
1112	msedge.exe
4076	MEMZ.exe
4076	MEMZ.exe
4076	MEMZ.exe
4076	MEMZ.exe
2572	MEMZ.exe
5104	MEMZ.exe
5104	MEMZ.exe
2572	MEMZ.exe
2572	MEMZ.exe
5104	MEMZ.exe
2572	MEMZ.exe
5104	MEMZ.exe
228	MEMZ.exe
228	MEMZ.exe
4076	MEMZ.exe
4076	MEMZ.exe
228	MEMZ.exe
4076	MEMZ.exe
228	MEMZ.exe
4076	MEMZ.exe
5104	MEMZ.exe
5104	MEMZ.exe
2572	MEMZ.exe
2572	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
4076	MEMZ.exe
2572	MEMZ.exe
4076	MEMZ.exe
2572	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe
5104	MEMZ.exe
5104	MEMZ.exe
228	MEMZ.exe
228	MEMZ.exe
228	MEMZ.exe
5104	MEMZ.exe
228	MEMZ.exe
5104	MEMZ.exe
4852	MEMZ.exe
4852	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

msedge.exe

pid	process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe
4424	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exejavaw.exemspaint.exe

pid process

4964 MEMZ.exe
4076 MEMZ.exe
5104 MEMZ.exe
2572 MEMZ.exe
228 MEMZ.exe
4852 MEMZ.exe
4908 MEMZ.exe
3328 javaw.exe
3604 mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4424 wrote to memory of 1528	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1528	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3956	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1996	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1996	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1500	4424	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/WannaCry.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0fff46f8,0x7ffd0fff4708,0x7ffd0fff4718
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3308 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1172 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,8839980379923668975,3372695664926917693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4964
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4076
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5104
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2572
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:228
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4852
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:4908
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:516
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3604
- C:\Users\Admin\Downloads\PCToaster.exe
  "C:\Users\Admin\Downloads\PCToaster.exe"
  2⤵
  - Executes dropped EXE
  PID:5020
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3328
  - - C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      4⤵
      Modifies file permissions
      PID:4916
- C:\Users\Admin\Downloads\Nostart.exe
  "C:\Users\Admin\Downloads\Nostart.exe"
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Users\Admin\Downloads\Nostart.exe
  "C:\Users\Admin\Downloads\Nostart.exe"
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:4576
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 272891713538073.bat
    3⤵
    PID:3004
- C:\Users\Admin\Downloads\PCToaster.exe
  "C:\Users\Admin\Downloads\PCToaster.exe"
  2⤵
  - Executes dropped EXE
  PID:2876
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
    3⤵
    PID:2084
- C:\Users\Admin\Downloads\PCToaster.exe
  "C:\Users\Admin\Downloads\PCToaster.exe"
  2⤵
  - Executes dropped EXE
  PID:548
- - C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
    3⤵
    PID:1044
- C:\Users\Admin\Downloads\Nostart.exe
  "C:\Users\Admin\Downloads\Nostart.exe"
  2⤵
  - Executes dropped EXE
  PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
8dbef1ae714f3fb167fe88000156282a

SHA1
246e681f35b775831d4afb18a8a7a75ef2e01776

SHA256
0d4e0c711c1df5f27a51ccf2346041366a3fbeebfa565eea12af4452b167653a

SHA512
09efeee1b5fa270463e21e3bb2530325fd7106b40f357be8c502e37b7d9d3da4f71c7505de310d61b07967ec01bb400dd981759e13566b52e38882d7a4f3b888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7af936e0-a70a-4ada-be45-8b105ea7198a.tmp

Filesize
12KB

MD5
88633e572bc086399b85f6bfcc6c3b25

SHA1
73f55e605a705f443395fd41fed8b48366e2939d

SHA256
d7584d1335cf751d3ce5bca4bcb572e81b1d704123e28d0cd3e9324b835b477b

SHA512
4484d477a74d95fdef64b6ed516929ea70c793908b52658f3528521c5279ce3c2df89fa6acb598c03b1adcf8a74b80586aad9c009844bfca2cb4c65cde1ab72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
64836d9ed0fa36504e81806dfddba79d

SHA1
ce09ebf37aebaf90664fcf7f20d9361c7473a372

SHA256
ca4ff89e62d8fa19b959aee20a3eb90a032317329e392dc4e455dc7720651cb3

SHA512
99debdc52571e358b1da6c4086d085f818d5a27b8cddecf68aeff0aa4600d9952277d4578c5d411d4cc4024c54704f5f4583d2b8d2146aef00c031b1ebad412e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f89eacc173016441580a1298f148d46e

SHA1
7e27c79728f54be41984235f7bfdd8a0bdcd3a54

SHA256
68bc2993e25bb9f44bdd514acb1ad122806ffba33f21730a201ccc347f496625

SHA512
8c966c08f3decb560b58816dcc8115f927eb58b96e3acfc2b7cc512654479fda45a3de77f9d4639713c8bbce65f202696613bdc66bb33444e9b5451f6cd7481b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
36KB

MD5
19fd35a0194d0a34348e2a8af77afce6

SHA1
94faf9bc8e414431f7f986a3e761231753cabc04

SHA256
f087580889ff2f970f8a29771a2aae84cc2dc23263d1c50cff66b5ccf26e8677

SHA512
f2787cec9d67914e254c13011c4ef5d5222cef075dafe14b455eedcdc7f400139b4aafcf5094212953b84bf8a8fef1bade755a0db8d4c5aaf3370174a7cfe7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c1055eea2ea024e3ff91d21065a985e1

SHA1
9ce816cd6f3d797e3e4f1fd839c9fdee339715ef

SHA256
dd362b8d3890c66eac7fee4f56e40b7f98c27bb289af37122af3340712d3f910

SHA512
73d65134b6a081d534983a985e8d00dc13c56f977666931d8693ca03d751625560d332a5276622e8e401126f97ea5c47ee59a0e602b5a5d1bd86dd15c18bc121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9d9d822f8e78c7eaff42af7a339644e6

SHA1
369e45dc330aa2715955e159934744c54a068c49

SHA256
a018b9b8a024ca82ef5b556c2ac743067ec00c05adcdc8a92ac205f587e8889e

SHA512
92a4ab5bde3f5852221951cbb79fe81fc9d29c80249a2fe8b84cf956cd102f3aaed10a01a9f86a8f744857ae5c53a98f093bb9efd3ad8477c19050e475f59b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
93b929a5f4fc5ac136bd32657bc7f927

SHA1
f7be2ad18502f77a9142382bf4166588b8d84dd0

SHA256
2c335df8fa6cd47bfad770d1054edc4f5c4f0190c99270035b697fec136560c5

SHA512
f65dd8afbcdb621cf29d790726779ab19c86ec0a1b7ed01e1ddf478dbaeaddd8715c47d1c69af32acc0093081b70682f5a22dcf0418e8a2c2478922def9bb087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
38f89199154e180c87efc6a43c67636e

SHA1
e681de8a40c64781fd0a35f6994f8f5fb439b17d

SHA256
55de933b68145e3ee9356748faeb77d4ce323824b5de71b12484205129c86182

SHA512
89c4157d3acc9ac6c83f5e5b46b2fb8e1af5fb93349e8b1f9cf669d10833b7190eb7a9fd2a760af74740d115fd2d474c7dcf0fa218dab9a1d0795d6e1f2d383f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
645f452d7503da4f968a2c858ce11b48

SHA1
912119073ab72b91353cdca9d66fe9c6ac5e355e

SHA256
cdbc210a89a8b2cea03b91e70aa48e4af4bb22dcae45d9fdc17545dee41e6034

SHA512
ffd635e83435016468080e185b384811216508feddbe218fad4b9c2f660cd05be644bc75fed024bcd873deafeee26fe6c1aa7693ede388b7bc0aa0eccf37cf74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
8d2e35ef5e680209262a2ac011f22a63

SHA1
3da604fe13d647f45c5236949de0a1cc3d3006dc

SHA256
9a51cbfc34a99cd5e8540827f9796364cbf35b01e6b535b7e06e51bd9778dcd8

SHA512
4eb414626c9fd3c013cf1dc2cc3303d25002505f97eb1f1f1420653277333b96710946b9b9bfde5dc3889b2259df5259fc23e23df29dbfd5df94c51b41fe8aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5187b4f09b7c4975cbda4e6ea412c86

SHA1
53ab3119d9692f6d2892ff5045881e01e20f3c7f

SHA256
ecdb82fb6be4b3640e2a4157fc833ced54e52f00df7b5de7440c530b5fbbb60d

SHA512
60cb12f1b695cbdf43a1b27e2d3e533ca2e59c48f23d0d20c6c05a7e268d8a06d026300f17839545de41a101770828d3be9bea60e4333b1cce9d3b60af6ee2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
758e5b6d1c90a158600fefd510036f56

SHA1
5a6049529119b28a032361fdc2624ef0ead1b225

SHA256
79a1e515dc28334fa528904cd394228ed80ce7fb3052ddfdf96053858b57c99a

SHA512
370d9026b1a5aec5ed13cd31ee44b92edf49d07a6181769258540405861b01b9f2df3bf207ec4434adf470b1b8e8b77465c41a5168bf74215106a3f295e40fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b9f475197f6fbca773d293a58385f7a

SHA1
69c35e5060613263315ed0a3b06c2bf46fb7886c

SHA256
9139e542ee6a7cf1ff40d29d30bcfe39ae11a3d308f04900cdcc6d324b0f7cbe

SHA512
8b934e2d00c8c42fda8955913a8ad745ca90788e3403cc381c243b015ff70a222060256cdf247c3da7854f775089ed4eb5e1e1ab8c2232e1c187495a099cee34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df58fc87850cddfa6a5b6a30d44b94ef

SHA1
5c6c9ddd7936b583db0724ffd383d9865c1e3527

SHA256
ec2cae0e3aab64ad9db0b05d582f53f5551abb6f94dfc60a968d0eaa4bfbbdbc

SHA512
6821cc0363a42e8f014680ec1cd79ce354f0798e5645fbf072dc89a61efa59d9c3ce15e0ef99beb3f61cfaa12d4b120a80d196f029ac3329a3eaa681ddedeae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a1eba684e76b549f0662fbfacb93552

SHA1
28df20aedd4d1ff3e23ca8db31502ef5b0d07ae5

SHA256
f25394496b652bcad62659d28b532e64432d95b1886815c374fe704d7f6dac08

SHA512
502211e00f3524adfc8b126abbe673be58afd25d08f149c89ad7e91571a0ad2f135de64909f4a06edad94e7b7cbe09e4699534f6b5668136ec455320ea154395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2d3418e95e8203643dc3be2c5045a355

SHA1
dd878ef5bc2a10d4b903bcb5411d52ffa0816ec3

SHA256
c76038dbdad95994b774fa13370555488cabc18414a302d1f56ab8cff333b87e

SHA512
525234a87515007a71f62cbeda9ab8b1a6c6c820ffc3709129ef402d37f24fa758f29b2547a1caed111971e24deea0cddd238f23573864bcae1915d21add1873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5bd091c064a47a0638cf214d442ea47

SHA1
0db7c6ed51683c1b02b1d71b6b30e2bbf6ad74df

SHA256
b71bca73ae4d680a0664a96bbd97e5893e6ed1c29403b4b8b689b475f75f2543

SHA512
32d5a4be9c4eb1e1ab6c08dd1ac70397654096bdad432123676a3c84d668d0912a87099fc28ed93a9a565b2871e24c97d9cf98bfdf5354df3807e9f6f533c74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7ca67790ca7e24e6f40ab25656d68942

SHA1
2550c278ae5a3f0b43c926b08beb16657f5917a2

SHA256
65bb9d19ca765a7f6590015f5f16ab6e7a46c6dec01bbd146971517e3bea64d2

SHA512
9908fcf605d62f2cecc2a5d5c083029c4a19564915d96b246a61c4c7ab0c1960c03f2edc8b16f836b9870db7d89cb21becfe3727c84bbbf653cb0f44319f644b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e5f9bd32aae6854212a031b6e300523

SHA1
cc8669258e1434751286afd57da411a05c9998db

SHA256
25750dcc8a27581ee9b900318146ab470cc1b7c57fb483eba9133cf44de6414d

SHA512
c32061bf863417242b480540c28fcda97cca5cc0d16d72d2d1523a35a087a7479d74ef9f871ae0e328c378af07e58eb1a6d17aa3cd1c41d426a61bb6a02b27a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05ea0f63b6111c157109dde8800d3ea4

SHA1
cfb79898e336a6f6ea8d77bd2052bde2caf20a27

SHA256
d26c3438cdde534fab9b199491b163c0ab9539b1a9a89f6cfa776fe2c74ecc6d

SHA512
329847211b034d138cee69b00b9cbd64e3dad706ef56a278aa4906b060215a558879db3edb0fe69231a2221b6a3fc1a953d5da684658b005f818a980ec200843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78a5ef31b61bfadb23f7337f5c6bac1b

SHA1
3ccd839d96861c535619f22aca9bee4d7ae9d7b1

SHA256
ad361954f29f47d78e52d4bbb92e160feb34e74656efdda388cf7c6e9dea87c9

SHA512
f95322a5693297763959d171180875dac4abae557f090243dc480de1bea15c7fa022af1a6014dcdd414c7389ce2d226bcc1c82eac06ac7748a84780a4c179dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
611bc61a670c9d9ba3ca763edcd3fccb

SHA1
48231f0dc4716c290012935ea900f8bf5a273692

SHA256
8210defeec2ddbd84e1811cc1a340462c08ce3247ade184d8e3c9dfa786f3370

SHA512
34001f5a671a44b43744888c5f7539b4bb552d2a68b4c6a7dd9d2b5e1f5e8b2691daf1b59311ef05068530641dca6d4777f5d101ba1d6809c11b07d80a0ff1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
89c1ce7fccacf0f0870090421edcabe6

SHA1
3d7b79da203c3817abf4759f248ee17e04c4559b

SHA256
19e3e9f80934043458b61861e46b5e52c939e1daec6e9700b5012bc008bf4b0a

SHA512
f0229859369583049150f2acd494065b46d81020f9a161577d9c1694d127a194c7e47ffc0832d3fcb22bde2de1b5e64047dc121c5446e69bbb825887f88a8056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6e0a19cd78d20ef1bbebb050673c0d8

SHA1
38480e1ff6544bb23a1b73eaec39f57f0fe0142e

SHA256
37ccd891e596e1bdc8d5b9c1be3a97ad609940cd8261f764a4c350b54db4832f

SHA512
1e5ad19dddd374a2319afb47f5bc83935dd0940b1e2b7b87179823a3092b8d61475889d16afb36ee2bac35774b2eb7d480f1aefe4f8d6fba012be5162f6d4770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7650c3ff9f2a93221f03ed5fc1368b3

SHA1
f9e07a9fcce205a4ff06d322b1aee29c6875d753

SHA256
caa4adb979dc1f7d211e5e308513f84a95db47cc55e7a994865804e3cdbf58d8

SHA512
d79269dab4f88d9bdd2342094e1db35c381c00b3c7884cedcb582a733cf1dd84131adc24c3c776974a645116912b1ec1578eae8e0895d3b40da809072287373c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3219f3da53c6ffcbea0719283efcda3

SHA1
082ffc014833adc2a30e666c5336e64ab64d145c

SHA256
5aa2d6fa0443db460396dc7fb8015c48ff44c593d031a49eacc99fb7c81feb07

SHA512
aa127b7e660c610c5119f43298fd8f34e59d69e28b90bf84faa34da6d3b851f7052a2c43e2456eab884e9917e8dd4dace9d2ccfd788dcb1a28e42db7052ad202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5fcb97ab7d2c2f0d624e01f3cc8ee5cb

SHA1
d64bba47860773bc7ecab102f60477ad3b5678be

SHA256
d2e43b1f048f8d36202d11395bb99bd1e7d0e3101f2f8d109ae99faf12093d10

SHA512
0ee8a5892f39e477bf57ad06d28d2776f19268d6715ab43983db712842c3c689182e974f050573ba24e885e58113633cad2facc5b6ab7ad81f115459f6a0b931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
df7452d90c4c6194ee233230ee14bfa5

SHA1
58e8fae9682b4394c648afef49927f4946306f71

SHA256
95640c74850e6f6d80fac5ef64ab7d39546c7b959004d3e9a3ee3af1fa49afbf

SHA512
2527342f4bf5e075e5699af090bec8bfb7fba3b5ce929288640f2d660b54858643758c6ea2d0b78f3f28e7638f624c2f3b5a0a8a7c9027e496eb77e64dce6296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e80c1e4b8385c8dd31a4da33faddeafe

SHA1
1782f33d42c9b289ffda67b2bd16f863310e8673

SHA256
fb0c2c1c1e3971e063fef5ce7c50ecd4a68a578775901dd7047ff5dee932e54e

SHA512
dd0f3cb2fe7d13b78037a2a3de3f39fd48c3711ce4ce03777d4f97c9bf115bb6edc41ab1bd1903046c430e58929265a97d6b3197a8db447ea2cee4ee06678dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
366d48b2296750572c51b2ff4c8fe3e5

SHA1
5e7f0b6be9704338ef0ea6a6b62ff0acccddc285

SHA256
9f1efee7c3ea566a2dd2e9add6915b8f0db90f044370f8357fe4e7b253e1051a

SHA512
2d413d1517d1543dc9b07768704175992207b058009b9c083472d45b67283de6e6dbd581e5c2ae1f96db77795d1e9255fa2c73130d4c8bace45228d72feeb463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c12d.TMP

Filesize
874B

MD5
3e7625bf3eccb34f6251bb127599dc39

SHA1
fc9725b5bd5c340791a9159e775b66eee55cc3dc

SHA256
a109c63d8ce7d7b21415f466208cc6094ea14d7e0b992f8b46da69ead16c5d28

SHA512
208fff668f33de0f0fccd30cd7c1d58329624d46a2b2623cd0374286db969aa86a7a29caa96c625cb76fb225eb785ea5cf7fd2d33aad620b72511b8fea0c9303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d01b5cb0-23df-4d5c-9399-14fae8ed273c.tmp

Filesize
2KB

MD5
ac5bb7a13a79b0104462c00d6b65a8b8

SHA1
4af9110bd094cdb71f656b236c962038dc3deb85

SHA256
4d65d3e245fc07f41aa051776e2e510d6f9773e880b1edfb14ed8eb24dfdcaec

SHA512
03f322636487fd28f784b60556c7253ec35b157fde3afcb3b1ddb2092db97a1b564c5fffff52d4dfa01149281ca9267f1c11c1aea073f2f69d448df3e93edc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d22b5e59-944d-4f96-b749-0f336bbdb838.tmp

Filesize
5KB

MD5
2eba382768426ca59298014ba55305d2

SHA1
686a39b6e9ddd835ddb7f45df7518c09d0a1f068

SHA256
02331c188886ef9765eb7884ca3e1c2958d70036acf59a7cc499855257090149

SHA512
4962bdf6ec391d6c1031c0030e0067662d32f235789f325236a978862ab69f4e62c664b7f14eb6b77787793c1b68cbafcb1292bca0f07da6d1e16b4f1024f9b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
022d247a1c14e90d5b8706b125b1e51a

SHA1
fd0c4e5540c731ee5098b697766da6aea6247198

SHA256
a56313c99d151314d459cc69144b40aafc019fe7af20ae0673faf040dacebf18

SHA512
66f91264a09eaeb90648d2590063015b69dd1f6b55915a94700646871de3d04e54bc291f47eaac38f53737964c8354add0982d2870664101c0e4e7a10bb5de0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
65f3671223fe97cb389fd53b7e9704ac

SHA1
6539d685a9cac1a1f22232ffb108af7a29ee3138

SHA256
15af315e66afaa7b7cb9a900801c0097b948dc26498edf721bd2e67595a35417

SHA512
269e99ceb4d1fa7df5bc795aeaa608810be284d2bb015ce34c0d737099a04e53649c52c1c69851f7339ea6a8c8f92998fa6a5feb4b198a26cd49aae1f965eba5

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 147052.crdownload

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 209059.crdownload

Filesize
233KB

MD5
20fa439e1f64c8234d21c4bc102d25f8

SHA1
ba6fc1d9ba968c8328a567db74ef03eee9da97d8

SHA256
2f10f1384f3513f573a88e1771c740a973a5a304387e23aa4bf310794532fa8e

SHA512
19e9d62a852293ffa99a412ba8fa5dd0336a7753af4975e06cd53c02ee6f0058485160f8f8a64a8bca19d88eb426a4a2785885c02a494f33f2b6e383204a7f39

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 668453.crdownload

Filesize
411KB

MD5
04251a49a240dbf60975ac262fc6aeb7

SHA1
e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0

SHA256
85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3

SHA512
3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 886099.crdownload

Filesize
51.7MB

MD5
e1dfc4f445c9d5eb075009970c116128

SHA1
46b9604d6c5cd96204bf51a754520003455f1aa3

SHA256
83ddf34331d00285918cff184a6a8ff26fc8d6682018bdee6cf54cb7824fe8d8

SHA512
fec0cde77d6accba6976b3864302ba801f450df440bbc8b38386bc3fbf2cf3b12773d04c32480f67ede4396bafe3a34b0500d776d9d7d489c466eac80b2180de

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 886099.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\m.wry

Filesize
42KB

MD5
980b08bac152aff3f9b0136b616affa5

SHA1
2a9c9601ea038f790cc29379c79407356a3d25a3

SHA256
402046ada270528c9ac38bbfa0152836fe30fb8e12192354e53b8397421430d9

SHA512
100cda1f795781042b012498afd783fd6ff03b0068dbd07b2c2e163cd95e6c6e00755ce16b02b017693c9febc149ed02df9df9b607e2b9cca4b07e5bd420f496

Download Submit
C:\Users\Admin\Downloads\r.wry

Filesize
729B

MD5
880e6a619106b3def7e1255f67cb8099

SHA1
8b3a90b2103a92d9facbfb1f64cb0841d97b4de7

SHA256
c9e9dc06f500ae39bfeb4671233cc97bb6dab58d97bb94aba4a2e0e509418d35

SHA512
c35ca30e0131ae4ee3429610ce4914a36b681d2c406f67816f725aa336969c2996347268cb3d19c22abaa4e2740ae86f4210b872610a38b4fa09ee80fcf36243

Download Submit
C:\Users\Admin\Downloads\t.wry

Filesize
68KB

MD5
5557ee73699322602d9ae8294e64ce10

SHA1
1759643cf8bfd0fb8447fd31c5b616397c27be96

SHA256
a7dd727b4e0707026186fcab24ff922da50368e1a4825350bd9c4828c739a825

SHA512
77740de21603fe5dbb0d9971e18ec438a9df7aaa5cea6bd6ef5410e0ab38a06ce77fbaeb8fc68e0177323e6f21d0cee9410e21b7e77e8d60cc17f7d93fdb3d5e

Download Submit
C:\Users\Admin\Downloads\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4424_EUVFWEWTMTIZGBNB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/548-1330-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1744-1336-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2716-1285-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2876-1326-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/3328-1181-0x0000019524110000-0x0000019524111000-memory.dmp

Filesize
4KB

Download
memory/3328-1160-0x00000195259A0000-0x00000195269A0000-memory.dmp

Filesize
16.0MB

Download
memory/3328-1273-0x0000019524110000-0x0000019524111000-memory.dmp

Filesize
4KB

Download
memory/3328-1244-0x0000019524110000-0x0000019524111000-memory.dmp

Filesize
4KB

Download
memory/4576-1260-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/4964-1290-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4964-1339-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/5020-1155-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download