wannacry | hxxp://www[.]webmoney[.]ru/

Analysis

max time kernel
267s
max time network
270s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
29-05-2024 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.webmoney.ru/

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

Processes:

WannaCry.EXE

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDA57B.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDA574.tmp	WannaCry.EXE

Executes dropped EXE 10 IoCs

Processes:

WannaCry.EXEtaskdl.exeWannaCry.EXE@[email protected]@[email protected]taskhsvc.exeWannaCry.EXEtaskdl.exetaskse.exe@[email protected]

pid	process
4440	WannaCry.EXE
4612	taskdl.exe
4996	WannaCry.EXE
2008	@[email protected]
4320	@[email protected]
1424	taskhsvc.exe
3056	WannaCry.EXE
3140	taskdl.exe
4204	taskse.exe
2360	@[email protected]

Loads dropped DLL 9 IoCs

Processes:

taskhsvc.exe

pid	process
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe

Modifies file permissions 1 TTPs 3 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exeicacls.exeicacls.exe

pid process

3100 icacls.exe
4764 icacls.exe
2980 icacls.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
3100	icacls.exe
4764	icacls.exe
2980	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\obpfgsjmrmyjcf936 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

131 raw.githubusercontent.com
1 raw.githubusercontent.com
12 camo.githubusercontent.com
12 raw.githubusercontent.com
108 camo.githubusercontent.com

flow	ioc
131	raw.githubusercontent.com
1	raw.githubusercontent.com
12	camo.githubusercontent.com
12	raw.githubusercontent.com
108	camo.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

WannaCry.EXE@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

1732 reg.exe
NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier msedge.exe

pid	process
1732	reg.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exetaskhsvc.exe

pid	process
5060	msedge.exe
5060	msedge.exe
4152	msedge.exe
4152	msedge.exe
776	identity_helper.exe
776	identity_helper.exe
4388	msedge.exe
4388	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
1052	msedge.exe
1052	msedge.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe
1424	taskhsvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

msedge.exe

pid	process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

Processes:

WMIC.exevssvc.exetaskse.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1400	WMIC.exe
Token: SeSecurityPrivilege	1400	WMIC.exe
Token: SeTakeOwnershipPrivilege	1400	WMIC.exe
Token: SeLoadDriverPrivilege	1400	WMIC.exe
Token: SeSystemProfilePrivilege	1400	WMIC.exe
Token: SeSystemtimePrivilege	1400	WMIC.exe
Token: SeProfSingleProcessPrivilege	1400	WMIC.exe
Token: SeIncBasePriorityPrivilege	1400	WMIC.exe
Token: SeCreatePagefilePrivilege	1400	WMIC.exe
Token: SeBackupPrivilege	1400	WMIC.exe
Token: SeRestorePrivilege	1400	WMIC.exe
Token: SeShutdownPrivilege	1400	WMIC.exe
Token: SeDebugPrivilege	1400	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1400	WMIC.exe
Token: SeRemoteShutdownPrivilege	1400	WMIC.exe
Token: SeUndockPrivilege	1400	WMIC.exe
Token: SeManageVolumePrivilege	1400	WMIC.exe
Token: 33	1400	WMIC.exe
Token: 34	1400	WMIC.exe
Token: 35	1400	WMIC.exe
Token: 36	1400	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1400	WMIC.exe
Token: SeSecurityPrivilege	1400	WMIC.exe
Token: SeTakeOwnershipPrivilege	1400	WMIC.exe
Token: SeLoadDriverPrivilege	1400	WMIC.exe
Token: SeSystemProfilePrivilege	1400	WMIC.exe
Token: SeSystemtimePrivilege	1400	WMIC.exe
Token: SeProfSingleProcessPrivilege	1400	WMIC.exe
Token: SeIncBasePriorityPrivilege	1400	WMIC.exe
Token: SeCreatePagefilePrivilege	1400	WMIC.exe
Token: SeBackupPrivilege	1400	WMIC.exe
Token: SeRestorePrivilege	1400	WMIC.exe
Token: SeShutdownPrivilege	1400	WMIC.exe
Token: SeDebugPrivilege	1400	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1400	WMIC.exe
Token: SeRemoteShutdownPrivilege	1400	WMIC.exe
Token: SeUndockPrivilege	1400	WMIC.exe
Token: SeManageVolumePrivilege	1400	WMIC.exe
Token: 33	1400	WMIC.exe
Token: 34	1400	WMIC.exe
Token: 35	1400	WMIC.exe
Token: 36	1400	WMIC.exe
Token: SeBackupPrivilege	2392	vssvc.exe
Token: SeRestorePrivilege	2392	vssvc.exe
Token: SeAuditPrivilege	2392	vssvc.exe
Token: SeTcbPrivilege	4204	taskse.exe
Token: SeTcbPrivilege	4204	taskse.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

msedge.exe

pid	process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

@[email protected]@[email protected]@[email protected]

pid process

2008 @[email protected]
2008 @[email protected]
4320 @[email protected]
4320 @[email protected]
2360 @[email protected]
2360 @[email protected]

pid	process
2008	@[email protected]
2008	@[email protected]
4320	@[email protected]
4320	@[email protected]
2360	@[email protected]
2360	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4152 wrote to memory of 2016	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2016	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2372	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 5060	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 5060	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe
PID 4152 wrote to memory of 2248	4152	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 4 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exeattrib.exeattrib.exe

pid process

1444 attrib.exe
2504 attrib.exe
1400 attrib.exe
1500 attrib.exe

pid	process
1444	attrib.exe
2504	attrib.exe
1400	attrib.exe
1500	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.webmoney.ru/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff848d33cb8,0x7ff848d33cc8,0x7ff848d33cd8
2⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
2⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
2⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
2⤵
PID:3020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
2⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
2⤵
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
2⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2556 /prefetch:1
2⤵
PID:132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
2⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
2⤵
PID:564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
2⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
2⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
2⤵
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
2⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6388 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
2⤵
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3972 /prefetch:8
2⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,12412983947666616403,14840192813251234535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1052

C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
2⤵
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
PID:4440

C:\Windows\SysWOW64\attrib.exe
attrib +h .
3⤵
- Views/modifies file attributes
PID:1444

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
3⤵
- Modifies file permissions
PID:3100

C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
3⤵
- Executes dropped EXE
PID:4612

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 106551717009317.bat
3⤵
PID:1820

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
4⤵
PID:3704

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
3⤵
- Views/modifies file attributes
PID:2504

C:\Users\Admin\Downloads\@[email protected]
@[email protected] co
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1424

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
3⤵
PID:4940

C:\Users\Admin\Downloads\@[email protected]
@[email protected] vs
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4320

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
5⤵
PID:5000

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
6⤵
- Suspicious use of AdjustPrivilegeToken
PID:1400

C:\Users\Admin\Downloads\taskdl.exe
taskdl.exe
3⤵
- Executes dropped EXE
PID:3140

C:\Users\Admin\Downloads\taskse.exe
taskse.exe C:\Users\Admin\Downloads\@[email protected]
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4204

C:\Users\Admin\Downloads\@[email protected]
@[email protected]
3⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "obpfgsjmrmyjcf936" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
3⤵
PID:3272

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "obpfgsjmrmyjcf936" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
4⤵
- Adds Run key to start application
- Modifies registry key
PID:1732

C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
2⤵
- Executes dropped EXE
PID:4996

C:\Windows\SysWOW64\attrib.exe
attrib +h .
3⤵
- Views/modifies file attributes
PID:1400

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
3⤵
- Modifies file permissions
PID:4764

C:\Users\Admin\Downloads\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry.EXE"
2⤵
- Executes dropped EXE
PID:3056

C:\Windows\SysWOW64\attrib.exe
attrib +h .
3⤵
- Views/modifies file attributes
PID:1500

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
3⤵
- Modifies file permissions
PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]
Filesize
585B

MD5
afe3c57279b5bd85c3f5a5ed0b634a3e

SHA1
949e5bab07c54dd29f16412bdc5a996c0c8bf0cc

SHA256
d861c1a05ee06987dfe7abe56c9a452670792449f39eff507255a8d1db686789

SHA512
45452e9d61d72fdb2483bd809da4a01bf926a2f6525bf6782e90cf73a5a70161b7d763a6f141f88374a44b7c0fba38f702138af90d3ff1019005d0d651de5ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6182371d-17e1-42d2-8752-6dce784417db.tmp
Filesize
2KB

MD5
b2feee661cd4bf764b4d23accbe82c51

SHA1
05047f040426ec4edb3bfc5d9c3a664075f49979

SHA256
3bb613c1a4be8931e8a2ef8407417ebd32c341b734624e265a91df3f22739ca3

SHA512
07f216cbbc2014db0e8ee2623f871ba78f9ea157c2c0cc654740e687218edc3616238dabf72ec48c66f21f5d63fc67b8c10b62f57b056c94577192a8de099dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
1024KB

MD5
70f4f2ef029e8143003d1851d51b9db1

SHA1
35bf824cb8c18eb21a6a188e9e5a0652c2840d85

SHA256
91a4db6617cc68cecdd4cbd5bf7d8febe4c8cefa4c030b8dbf62d94d0701d163

SHA512
d7410f9fd4595b455576907a9ae62ebd58ce62bbd1c2f5c7543b8941484e5b899bdb6488e8e9921fa62a2791d95574d0bbf5f1f2b9db944fc6437c6a3bcd22d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
40KB

MD5
c9064e5728ce30490ffe57f2cc60ae47

SHA1
870e176d01d11460c36d146f8705184efc311009

SHA256
9e86c748174642678845f8ea20d2139a1c003a6b93537e55e351e79489168396

SHA512
361a91a045dd1052627cf6ff639ab0b3ff40b353e9e362e8e44702bc12421c763d47d18888cad060b3691a9d73f63fc26323a68660ecb1fbc5e80e96da1e3607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
628b86f689e44f7d1c7eb73657b17bf8

SHA1
59aca082349459fca4e7b01a4b553aca6af5d4a6

SHA256
cc48f0952a6047445b9af589eaa2e04e460a62b34c41b4de09e25e9a8b9d3cf6

SHA512
b1cd47b345e7d0345b3f13a4c55ce81943ace6066a4caee74a06032ea7b700f6e287ee97dbb5c1e18188869475a3db1213e5cedb7bf6d4e00a3e3c6905669de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
e454d9f26f0e1d9df318435d71ca7225

SHA1
648127770f65fa4721db409e9ab92fa5ec0cf30e

SHA256
6407a6c9db1dee0cfe922b0e0433409a2c5d8e11f905e453604c1df4b9dcb1f0

SHA512
61465b3f5b7c2b5b138d1f14b57620a292b6f5c417229f12281ec4b3215324d5916d6bf0dfdb1a7f72ed5a6f237ea0f7b6a6f1d260ac5b255646b6c367e678a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
da576c7dc93c8bfb422e724aa8955956

SHA1
e665424b12b42585b53d10dc17231dc694fbc1ce

SHA256
f7039e9ebf9ddaa4cca0e3a18cf97a653378ae970abd1a8244c07acf32d15e31

SHA512
babebe99279297e33fe248ae54d91e9c9449d67b95d15b85b69ee8c3cdf5e59de3b0ffa5544d414cb5b4b077cd48ddc3869ad344805650398b818b929107ffa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
764e89e3a9441731a27cc48b02b82012

SHA1
a5aefe768945d3fa53ff976059552f681d46def8

SHA256
e54869d853504a490207d7a711b8467dc931532b8232538b482be98e51a1f1a4

SHA512
f9bba0fcf1cfe2f604dd038e6759c8d1fefab95ad0d8c5b9997db6c62a09da614e572235d66df5be144d63f111ffd2c65b544e14eaec24eed6398704e490aecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
09ef8c2d4edb6fa256060238c72810bf

SHA1
8ae19e019bf78beccb8cd9b03f61bcf97a75f4ef

SHA256
a3cf01dc78da68f6e8018a6222fd9b9d6439fb7f0ace286af20c10a45e97d38b

SHA512
23300b58efdc3637ba75b0a5539e9b60a64812b0b9b496948690787f7e8fe9f27dd98c1ec6354250e70f3ff6ffc36cdb0d0699cb159216ff449f53645d631192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b5ce1b11c7dfb50fd7fcc82983fe7e31

SHA1
97936c37302295f1db4daefcdbc191b950aac96f

SHA256
639e5ec89fc2fdc451eff498e74129dec296a1527ad66b7192e36fcd0bef220a

SHA512
949d5188f9fcbb4f7ff2fc376a33f9149f0ac3190b4026b163fb5574613e1f4f7cfa510c5ab0dcafde90cd305ffffc8b4c2dcea1a50edf33d62fefca2fd01434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e14b48133a08c364a35425a4e95067e9

SHA1
f674ab4fcdcabedf4c0d1c3bad25c29c92eb21a7

SHA256
2b9eec5daad30aec0831a3173492cb740e3af8829878c96c1cb879af494c26a2

SHA512
d2cae0662ea1a50e7eddcfbfc6588dc9a849c0cba1542fca2248ddb94dd31376cb31baad8eea7666d56ba96ce63157e7be96e53a32e2fde4f966f33fceb59b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
067a7408c7a1e99b5bd3c5f4f1c5925e

SHA1
83e24d71f00e20113025b36390f535d4e3cbfe27

SHA256
1ac9d4833380112c525103bb37ea8b754c2aa09487bbea9dccfda27ddb6ffeb0

SHA512
ea338ca802f685a6467b6d976633df1691c00b349759e4fc61f291eec57794fe2799a86516b56790258f40e738068951e6aa8fe3a48e74c42f135b91fb9a6fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
165c59cde92ecc0ad3652982bbc146aa

SHA1
3f261f2c8bfd90fdce451fff8b00425b40e37da6

SHA256
c8b6ca564212ab64722b5274513f82db427b607f5251b5a859df7e215ff2fd56

SHA512
b37edc7922ae1a4e9cc262edd5f6c22b17e9739e475ddac8ff06976ddebae86430fa175d2a4d5fae5594b38f183171079243e6a1a299819845a78672dfeefacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
31088379ecc9ecdda42ef40c04642006

SHA1
1ca58362f6e587add49c5ff28418fde280eecc7a

SHA256
b344ca43a486695d3a39cbee21332bc2df0f98aff784fa53442f6795ad71f8e9

SHA512
7a2b9be78418cff60ec5ac7f541d429d37d109fa8b5eaf8cc8b5c1a80f0dbb731f46605c4ca78491aec3f24406d350a29cbccd2a4f01eaffd42f14ccd9ea66a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c542a8ffbff3e5a5811f86593d26d809

SHA1
f4ac9db7194e707b2856123bd639776cab29a631

SHA256
ee67364ad0b3fc5abf0faa7d28300820093465f6c95ea916389a73ac55c81c50

SHA512
304357a2b6fe044ff96be289dd0280b412c229c8112525b5f5cdef0da77e86f3f65a01bea068e704d69c85ac8f9deb905679d7d7ef9fd2f5626c8f747ce4c50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1d9c3c93522f35edc6547f427b765334

SHA1
fe1c6c5683d1245c7423a7f977dc7715fd4aba29

SHA256
41294d4ca50c499a0bb1ffae9a7a2b21419f915526ef03b5b487c6e9297dc39f

SHA512
ecabc9fe4e2ea0acde27206284dfdce71421ad2e885678fd3c049a9f869b458d4332b4760027ed02ec8240443027c415cbe3dcdeb836cfe6d40454e822e1b822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
cc34bf3d3f6511a19fb838080a398b55

SHA1
00718576b0cc410de513be106951013a081c1959

SHA256
3eb979345e9d0f794175d7bb96913254442fd1a7b034a3ac5934ed8cb36f9886

SHA512
0f84d2efe2079d7871d0cb653a5e25914712e7d8d925909cedb5655e29ad4d52fd52c6095ee48ab0929eb062aa71adeea4e57ed5ca2b1776616761e6328d8da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
49664e62146db88f806be0f13cb96df5

SHA1
b6d5219bbdbdfeb1f1824276ba0a9f4b416b852a

SHA256
db3f7801de4e5b7a105b39d63f23cf71994068d1eef172eeb43abbf27094a443

SHA512
8ae0cf1f8c026b80ea79ca6bcc29a91b85eb7aedf4d4b2bbe9382b9cc2abf258841fb42eedd493ffb6f11b53e793254fdbd769757ea130a640778b3409f75436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
efaaaa4fff95eb2df5c6a53000672940

SHA1
121ce3f43aae6176368576e372412b3282d949a0

SHA256
4bcb1d3b6c9922948e384a218c5efe72e3469f5c8ed79982ef9f0131e289d202

SHA512
12c69643212601a94899df43c268aa6890c6db524df7eaa1065951254c554080b19a752766ec4e6e4b39a3fd8883f20dd7caa08e01886f9e9fbe9c238f75fe9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
d2960a3a1edcb7310b832f4fe42fcbb1

SHA1
05ad496e4d0a077cd1a57ee26ede47f0b301adae

SHA256
d489f11f3403050208b081911dc434ab143fc2a7a699beb16c6e900a83f43563

SHA512
a2079606baf23abb68836a712baf4b25cd0443294106470ace34a3640466ac7aa1a9ae88ee896bdbd9376957ce91058c31102055a82c44d35b577622436988e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
869B

MD5
519b6d5e60d5ce17f3d4b180debd4b92

SHA1
4040cd3ca0624aedf92b36eef041b3551f3f72e6

SHA256
8c1592c3595ac29b27d7885e1e4a4a42be78bb683b0ce19fca0058186fb5169c

SHA512
62a497927df17457cc1d394c413f417365fb6d9aa349f68fe8e56442491b683b18094f696bc3661826a907a15a069a0e0a2be37d343a43ea81663f233af34e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
869B

MD5
d1727c489a0ad319a30bd0b388c92515

SHA1
dcb0c11b601ba34bbe27b92f21284c8a1b49bd8d

SHA256
6f4f9862fc1bf9a25628dbcb03c0dee51c5562751a264ba7d2d3ced8377d1f40

SHA512
25ce67aef9b9ca2950503cd5ed304f4bd570ebd11b5b208a133a6cbd7717343fec939ac24ec544cf501e887c9cb60187300aa448b28ab44a2c65b1b266edb3eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
33bde79d5369a4b77905fbbc2ed26d5c

SHA1
0db1e72a02eea0ca9734eeb22c198b156a236427

SHA256
4505faecd62673b810491625a1ee63247cc3b929d20c43471a655efc092a1164

SHA512
cd31cc4c6cca5ad7257bf85dbf2946c175051760e27ec61c6f09fffa3cd69415a6d405cdebedd6796d173d41dee19d8edae9c7b1c00069fc6ac27506a70a57cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
bf66f7c14edbb941d4c9e5ebef5ac70f

SHA1
32c9f90fd671db09e44568b23f5807119ed909b5

SHA256
8cf8860ee445bde92c668bad40b8e218cdc429fa838b015fae9a67637b90c223

SHA512
c34285255404f41be0dac6cf96f930481b5edbe3168036f81eb0010e882bde834e9a2371742a55b12142a50ed11b8ceadf26b98400bb193cdb07d092c54a925f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c38935a48afa064fa513373a603acdf0

SHA1
dfa102485b5db39ee9b4e077c98b9e75b5a1d3ce

SHA256
5ee5568ff7fa644c68d33949d960a97539eac16bb9871ee94c0ff09160ff2be6

SHA512
62e220c3755656bf10e667b89ff010971b891e9fcc2d26cc18ed7b9bb43a9713b3037358503edcc9df10f34eb4ef08008c6a245d815a27188b7bf448e41a1abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
13d83c97490425c92b241b9b8c56fde2

SHA1
197e73d0a6da2c832c32ef62c4f437f61aed8f08

SHA256
5869a7ed84410d503eacfafcf1607f3afa9a56e3098a31c5b807be75b51bc2c3

SHA512
fb5b8acb3d7cef9a482bdfdd999efef0a2e9b019f9bc77f6c5bbba14d3161cca55c7a95284c285e3aa848a904eaf377dcaac9c12db67c40aa46f68cd13795209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
869B

MD5
ddf000e232b75ee4b87cb8f2c61672bf

SHA1
02f217040baa5ceec05ca73cc07deff7ed7a37aa

SHA256
89bce2b22394f6ed5681f2400d7525303fd140d0cb9a75c286295c0ab1327357

SHA512
c06b0c5b4472fd4447d7915f5cfdb0f86295f09c87089d02aad3e7b099d226c8d64a68ba3b14235d26d32b4772cbb94c334cbb63a77dd1029f312ebbfa7997c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
869B

MD5
80ef7ad839f12f50c1b3810206525dee

SHA1
3a9ae907ddef32dfa67d7215bd56ab8f37b9b015

SHA256
46c32d55a00f44578d7ff1e37558aa713bd1b82c060f2a340f1c234f88edd57e

SHA512
5ccce85861d5f74091931f0d5ec49a594fe4936df5431c31dd4b473e9aa4efef7a233f682cfd62d6bf2c81f68c5bfa045b10076eda0b981d79ea36703dac1036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
6bbb63ca7011dee0eb4e1dc17c9e0fd3

SHA1
e40ec16d01103016e7901c4da6e9f8158a869e52

SHA256
d10b2b87dd50d3dde86a2b850cef23c0cae8b8c11519ccd76d2ab41fe5e1794a

SHA512
aaff84d76c5147f87592547ecf35f2c1c8bc4f113cdfcc8abab8efabfbb96ba42ac3609a17046d8df62695fcf067e61140c75592fe8e6a054c02c93edd51dbe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a9ab622d4caf77e6bbd9bc745ccfa51d

SHA1
b2b72a56656c9087b363bc24a22653d7b3bb0760

SHA256
97c5dbd0b94d8319c23b46a21d0fc7760da3029aa9027c6d4e126c4a81039052

SHA512
52654775287d84b5b128912c25275be665c64721eac23f405b382461402cd643f2051d2b972d5188b9ba6ba426148e707a4635b79272ea6d281648e1c7b7ccfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
3c4e3ddf65e9397348bbaf2a49eb95d7

SHA1
b13db4acab8506029230f6760b9a0935c9249db9

SHA256
798adf42907cd8082223781fc9b9d984cbbce37720ab094266a5cf9b2a85e611

SHA512
657033b562754b805e2a93f5efe8c6087e8bad034e808533ae585cfcfd74bc3d7605180112c5776070562713891a0b4144ce84a3c6e5663c8c479160f5bc5fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
66d46bd185573698f24621584fef6d76

SHA1
9502f1e747ddfc08a4815eaeefecb35dd1fb2629

SHA256
6a5c834896b35768d7d50386e0a08a02a1cd3f4ed1df7b3c819fbf3dd441732c

SHA512
7231de2b12a08ee31c8ca4bb3904d0ace1d45ba3cb03d5c503b82a5829d7689cd056fbed6296588f92aa1aa3d264804f76e48c5866d271550482e2df791024cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
290d2f5be5c49881fec387d2ff4b2595

SHA1
fa9c05832ff78a73f454ae629c271967e444e6cc

SHA256
805cb9d13acbf322f163f65990da9621623ecad62d33fa331a787569d443ac47

SHA512
6640ca96f893a11c71a57acf4a0db3072fd1415abe5f3d1af00d04b27e97a95edbdc5f3cd8359216e956fa7fb7abbc2df64bdce26d3394a5b1714313c5d9f662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
97fbd6f4281729a7ab772810850e7e34

SHA1
19d91c3195b7aeeb1fba357cb3d89bd8e1fb67fa

SHA256
ee1e3cb77acf7360daa9278edba5ff6d015b20a17270e4964caf514138d7151b

SHA512
3c7668ddd2d4260f3c6776db587b2eef999812f08a107f712402462070cd5914e792d717802ff402179c759d7f54147411ffe3a19fc507d36eabb28eea1c08ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
fec615dfe43d5c440dae2bb72b4cea38

SHA1
7e25e6895b0017bd0d67413a6cdf32d3b6194b37

SHA256
041a76f4b0d46216abe5c9e0898302e77c895a37c81f75cffe1a70dfbe550e2e

SHA512
da4d673fe29da7539a8623977bdd95a475bc1589867cbb811ee08b26a22d7bdd500d752e54737e7fc4bfbf6915757f1652fcb10cb862349384501f6b1cb3737f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1183781f56e2dff88371e1ae8a6647f0

SHA1
f4eeff1cacd0c0c573a0e4548e3fb9867c54a37e

SHA256
fa4e1a228b2ae7714f578fd00d74f464c1914eb6fc367cee8320c8065b8bb2c9

SHA512
e60e8442ef948e37ea98b77c277475699ae641f859f611a0a91af0384c49f03059cbeb30cfa5b5ea8395f5fe2437c7dc7a72a18b668e8b9d8a855d0d063066c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
a9764ac2c42b6a9e6bc3d8af71f3c90b

SHA1
02f54044a487ca3d5bc6ffbc38ee2a74ee986da9

SHA256
5726957aab4a95ca3a63700175e05fc60e6578818003497a92da0e802f67eafa

SHA512
4426bbabc9b0df2571a5eba4c829e3c181fd575248f248ef6be22da56c71d096f83a7bdc0f09e242c6486c5a0a9151716ac013a414751a18fbe78e24b48d4973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
84f7b41e6aa8ed6ee8fdb0c74543be49

SHA1
5956b88395ca284db6a27dd93bf3fa2d4a3799f2

SHA256
5db7d25138548fffca9a758014ed06a99de30f9415f773fd68d3aca2432170f2

SHA512
e4136933c44ec3622173ed07a17e198ed0dfc83569b45bd407c4b76a0d27b5e0cc60033dd28ede94f84385249d689ee80d81efc3376e5cc4cf8fac20925f1ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
e02262435e10b2d25fc88493d2960fa7

SHA1
aacf1a6482feb76a133c699b5108c13021d959e8

SHA256
ff8e4373dd622a2fd0428fd495324ab3c07ae0f259bf037e0d4dafa8c81c0c61

SHA512
98efb7a1f991198d5b04363e286e65dfdd1fbd0cbe3b9d63892c7bd05a815f626d014506b1ffff63b1fa2017bdbf41f2bfecba77ac1e3f66b5a6f8868518e9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
cb18d38de9996bc1c4c0525e12e63950

SHA1
004dfafeca13e760aee8a72fdb2eb8134060ca85

SHA256
95136c9344b71a5bf126c8057fd8ce69bae83ee8fac82aac91badf43990f8ea1

SHA512
a6d58a53a522c6a7d18ca476f79061a58d55304074d33fff3bfd497c0c3afc8837da0a35c0175fd39712cfe2fb0cab16ff8f25acc4ac31fc7b355a8d9af079ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf49.TMP
Filesize
708B

MD5
88031ab53e47f39685ff82840b5a4b9c

SHA1
b911797f0917aed5c46f8b70f98b2a0582df1d55

SHA256
2f5baf4dbd32d71bcf3d0d42ed7bf8eb1b804b828fedeaa27e78473d49f5288b

SHA512
f747d3da91b57b8d20b6031f9893ca4a7decd3b7d1fdafede31e18b8a90939addf86559b0331f5b91665039b05f48023778d7d2f83e6e253fec40f1bc7db9a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e61e13d0cd88e45e0d41ce8b8e7d2a5d

SHA1
d275021abc8165700b0a96b17699f678f5658f64

SHA256
de31afc79cdd24695c16db9a3494fe27f0b172cd89061fdc120a44750015d1be

SHA512
20c85839fcb11034877275f43ec3697ba6d9870172f3998eb8263fc427bf075e8b47045d158ac3ddeaa4df8a2af2e6aac31f8d85ece2ec25ef79eea193eaf6e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
38a79dfe6c81fe4e5e3bcec9c61fb13a

SHA1
9b86cb6844fa9ef972c33f269ba81e5a9ad36057

SHA256
d60e5c6bb790bb3196ba8fee5fbaca388c36091afc8308c5d78f39f24c7fd1e0

SHA512
958e15df638e624e804e0b0a0dbcdb3b998be6e7d4a755bf92dcd7437c66187b04e759a9bf276da4129b1408e75e9ab5b816f94b754994053ddcdb932e413d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
11ca5c6a3ad5f68695f1cb16ab71da95

SHA1
fe5be6709769bbd6f0f07312d8dc591e6994c1ae

SHA256
28fa9cb720c32a7055bec5bb1570a2560382de3fde4d2ccaa7ca090175b98525

SHA512
7f45a07956397d498dcb7464b878e83059c7080b964e901f3d666a40f6f4b2f543d5c944e45a39f870bce18c193a65c4f6b593d071cf8020e0515e47a58565df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3e8252547d1d0145d9068d6a7ec08406

SHA1
3d4169304efef0e68bf0b0658eaae49ced4caa90

SHA256
80614b59ed3b05116d261f51ee02fd204db920a245911f805bf456e507b50092

SHA512
2387c3b20d604158629a4fa13ddc25aa94eafdcd65bebd12f1afec9174739b918dff16df1e075bc0024a8d0ba5de368be1ac43189b30d947a821d4b9c33d5386

Download Submit
C:\Users\Admin\Downloads\@[email protected]
Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\@[email protected]
Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe
Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 631676.crdownload
Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\b.wnry
Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\c.wnry
Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\Downloads\msg\m_bulgarian.wnry
Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry
Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry
Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\msg\m_croatian.wnry
Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\msg\m_czech.wnry
Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\msg\m_danish.wnry
Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\msg\m_dutch.wnry
Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\msg\m_english.wnry
Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Downloads\msg\m_filipino.wnry
Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry
Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\msg\m_french.wnry
Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Downloads\msg\m_german.wnry
Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Downloads\msg\m_greek.wnry
Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Downloads\msg\m_indonesian.wnry
Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Downloads\msg\m_italian.wnry
Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Downloads\msg\m_japanese.wnry
Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Downloads\msg\m_korean.wnry
Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\Downloads\msg\m_latvian.wnry
Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\Downloads\msg\m_norwegian.wnry
Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\Downloads\msg\m_polish.wnry
Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\Downloads\msg\m_portuguese.wnry
Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\Downloads\msg\m_romanian.wnry
Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\Downloads\msg\m_russian.wnry
Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\Downloads\msg\m_slovak.wnry
Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\Downloads\msg\m_spanish.wnry
Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\Downloads\msg\m_swedish.wnry
Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\Downloads\msg\m_turkish.wnry
Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\Downloads\t.wnry
Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
\??\pipe\LOCAL\crashpad_4152_PNTCEVJMMYNNUFEN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1424-2447-0x0000000073A90000-0x0000000073B07000-memory.dmp

Filesize
476KB

Download
memory/1424-2468-0x0000000073B10000-0x0000000073D2C000-memory.dmp

Filesize
2.1MB

Download
memory/1424-2445-0x0000000073D30000-0x0000000073DB2000-memory.dmp

Filesize
520KB

Download
memory/1424-2446-0x0000000073B10000-0x0000000073D2C000-memory.dmp

Filesize
2.1MB

Download
memory/1424-2441-0x0000000000D60000-0x000000000105E000-memory.dmp

Filesize
3.0MB

Download
memory/1424-2444-0x0000000073DC0000-0x0000000073DE2000-memory.dmp

Filesize
136KB

Download
memory/1424-2443-0x0000000073DF0000-0x0000000073E0C000-memory.dmp

Filesize
112KB

Download
memory/1424-2442-0x0000000073E10000-0x0000000073E92000-memory.dmp

Filesize
520KB

Download
memory/1424-2463-0x0000000000D60000-0x000000000105E000-memory.dmp

Filesize
3.0MB

Download
memory/1424-2386-0x0000000073D30000-0x0000000073DB2000-memory.dmp

Filesize
520KB

Download
memory/1424-2384-0x0000000073E10000-0x0000000073E92000-memory.dmp

Filesize
520KB

Download
memory/1424-2385-0x0000000073B10000-0x0000000073D2C000-memory.dmp

Filesize
2.1MB

Download
memory/1424-2387-0x0000000073DC0000-0x0000000073DE2000-memory.dmp

Filesize
136KB

Download
memory/1424-2497-0x0000000000D60000-0x000000000105E000-memory.dmp

Filesize
3.0MB

Download
memory/1424-2502-0x0000000073B10000-0x0000000073D2C000-memory.dmp

Filesize
2.1MB

Download
memory/1424-2505-0x0000000000D60000-0x000000000105E000-memory.dmp

Filesize
3.0MB

Download
memory/1424-2510-0x0000000073B10000-0x0000000073D2C000-memory.dmp

Filesize
2.1MB

Download
memory/1424-2388-0x0000000000D60000-0x000000000105E000-memory.dmp

Filesize
3.0MB

Download
memory/4440-913-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download