Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://google.com

windows11-21h2-x64

10

Analysis

  • max time kernel
    1000s
  • max time network
    1002s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-07-2024 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://google.com

Score
10/10
wannacrybootkitdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealerworm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note
Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �
Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Signatures

  • Wannacry

    WannaCry is a ransomware cryptoworm.

    ransomwarewormwannacry
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Downloads MZ/PE file
  • Drops file in Drivers directory 4 IoCs
  • Drops startup file 2 IoCs
  • Executes dropped EXE 17 IoCs
  • Loads dropped DLL 20 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 40 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 4 IoCs
    evasion
  • Modifies registry class 2 IoCs
  • NTFS ADS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 49 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffcc093cb8,0x7fffcc093cc8,0x7fffcc093cd8
      2⤵
        PID:3724
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
        2⤵
          PID:3920
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3104
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
          2⤵
            PID:1424
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
            2⤵
              PID:4192
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
              2⤵
                PID:4832
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                2⤵
                  PID:4260
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1852
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:980
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                  2⤵
                    PID:3180
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                    2⤵
                      PID:2780
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5464 /prefetch:8
                      2⤵
                        PID:4632
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5344 /prefetch:8
                        2⤵
                        • Modifies registry class
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1828
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                        2⤵
                          PID:2480
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                          2⤵
                            PID:3172
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                            2⤵
                              PID:328
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
                              2⤵
                                PID:1556
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
                                2⤵
                                  PID:408
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                                  2⤵
                                    PID:2932
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                                    2⤵
                                      PID:2256
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                      2⤵
                                        PID:1028
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6608 /prefetch:8
                                        2⤵
                                          PID:4356
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
                                          2⤵
                                          • NTFS ADS
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:628
                                        • C:\Users\Admin\Downloads\WinNuke.98.exe
                                          "C:\Users\Admin\Downloads\WinNuke.98.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          PID:4752
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6204 /prefetch:8
                                          2⤵
                                            PID:3852
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
                                            2⤵
                                              PID:3656
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
                                              2⤵
                                                PID:1180
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
                                                2⤵
                                                  PID:624
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 /prefetch:8
                                                  2⤵
                                                    PID:1308
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6676 /prefetch:8
                                                    2⤵
                                                      PID:304
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6940 /prefetch:8
                                                      2⤵
                                                      • NTFS ADS
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:4952
                                                    • C:\Users\Admin\Downloads\Gnil.exe
                                                      "C:\Users\Admin\Downloads\Gnil.exe"
                                                      2⤵
                                                      • Drops file in Drivers directory
                                                      • Executes dropped EXE
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:756
                                                      • C:\Windows\SysWOW64\drivers\spoclsv.exe
                                                        C:\Windows\system32\drivers\spoclsv.exe
                                                        3⤵
                                                        • Executes dropped EXE
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:3512
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
                                                      2⤵
                                                        PID:3316
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1664 /prefetch:8
                                                        2⤵
                                                          PID:3760
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8
                                                          2⤵
                                                          • NTFS ADS
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:4924
                                                        • C:\Users\Admin\Downloads\Mabezat.exe
                                                          "C:\Users\Admin\Downloads\Mabezat.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          PID:3320
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
                                                          2⤵
                                                            PID:1200
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
                                                            2⤵
                                                              PID:4892
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7056 /prefetch:8
                                                              2⤵
                                                                PID:3516
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7108 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:5092
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
                                                                2⤵
                                                                  PID:4316
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6752 /prefetch:8
                                                                  2⤵
                                                                    PID:2868
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
                                                                    2⤵
                                                                      PID:2780
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7444 /prefetch:8
                                                                      2⤵
                                                                      • NTFS ADS
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:4948
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
                                                                      2⤵
                                                                      • NTFS ADS
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:3768
                                                                    • C:\Users\Admin\Downloads\xpajB.exe
                                                                      "C:\Users\Admin\Downloads\xpajB.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Enumerates connected drives
                                                                      • Drops file in Program Files directory
                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                      PID:2448
                                                                    • C:\Users\Admin\Downloads\xpaj.exe
                                                                      "C:\Users\Admin\Downloads\xpaj.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Enumerates connected drives
                                                                      • Writes to the Master Boot Record (MBR)
                                                                      • Drops file in Program Files directory
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:1348
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      PID:3560
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      • NTFS ADS
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:3140
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      PID:3308
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1052 /prefetch:8
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      PID:5108
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 /prefetch:8
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      • NTFS ADS
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:3736
                                                                    • C:\Users\Admin\Downloads\WannaCry.exe
                                                                      "C:\Users\Admin\Downloads\WannaCry.exe"
                                                                      2⤵
                                                                      • Drops startup file
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      PID:4156
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /c 231451721144163.bat
                                                                        3⤵
                                                                          PID:3528
                                                                          • C:\Windows\SysWOW64\cscript.exe
                                                                            cscript //nologo c.vbs
                                                                            4⤵
                                                                              PID:3068
                                                                          • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                            !WannaDecryptor!.exe f
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:2492
                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                            taskkill /f /im MSExchange*
                                                                            3⤵
                                                                            • Kills process with taskkill
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:1376
                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                            taskkill /f /im Microsoft.Exchange.*
                                                                            3⤵
                                                                            • Kills process with taskkill
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:732
                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                            taskkill /f /im sqlserver.exe
                                                                            3⤵
                                                                            • Kills process with taskkill
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:4768
                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                            taskkill /f /im sqlwriter.exe
                                                                            3⤵
                                                                            • Kills process with taskkill
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:1088
                                                                          • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                            !WannaDecryptor!.exe c
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:644
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            cmd.exe /c start /b !WannaDecryptor!.exe v
                                                                            3⤵
                                                                              PID:1124
                                                                              • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                                !WannaDecryptor!.exe v
                                                                                4⤵
                                                                                • Executes dropped EXE
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:2220
                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                  cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
                                                                                  5⤵
                                                                                    PID:4100
                                                                                    • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                      wmic shadowcopy delete
                                                                                      6⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:4116
                                                                              • C:\Users\Admin\Downloads\!WannaDecryptor!.exe
                                                                                !WannaDecryptor!.exe
                                                                                3⤵
                                                                                • Executes dropped EXE
                                                                                • Sets desktop wallpaper using registry
                                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:5020
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,1924432373488030588,36804178383273503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
                                                                              2⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              PID:1360
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:1080
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:1516
                                                                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                                1⤵
                                                                                • Modifies registry class
                                                                                • Suspicious use of SetWindowsHookEx
                                                                                PID:1644
                                                                              • C:\Windows\system32\vssvc.exe
                                                                                C:\Windows\system32\vssvc.exe
                                                                                1⤵
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:1744
                                                                              • C:\Windows\SysWOW64\DllHost.exe
                                                                                C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                1⤵
                                                                                  PID:1844
                                                                                • C:\Windows\system32\rundll32.exe
                                                                                  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
                                                                                  1⤵
                                                                                    PID:3708
                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                    1⤵
                                                                                      PID:1904
                                                                                    • C:\Windows\system32\NOTEPAD.EXE
                                                                                      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\!Please Read Me!.txt
                                                                                      1⤵
                                                                                        PID:3492
                                                                                      • C:\Windows\system32\NOTEPAD.EXE
                                                                                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!Please Read Me!.txt
                                                                                        1⤵
                                                                                          PID:4856

                                                                                        Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Reconnaissance

                                                                                        Resource Development

                                                                                        Initial Access

                                                                                        Execution

                                                                                        Windows Management Instrumentation

                                                                                        1
                                                                                        T1047

                                                                                        Persistence

                                                                                        Boot or Logon Autostart Execution

                                                                                        1
                                                                                        T1547

                                                                                        Registry Run Keys / Startup Folder

                                                                                        1
                                                                                        T1547.001

                                                                                        Pre-OS Boot

                                                                                        1
                                                                                        T1542

                                                                                        Bootkit

                                                                                        1
                                                                                        T1542.003

                                                                                        Privilege Escalation

                                                                                        Boot or Logon Autostart Execution

                                                                                        1
                                                                                        T1547

                                                                                        Registry Run Keys / Startup Folder

                                                                                        1
                                                                                        T1547.001

                                                                                        Defense Evasion

                                                                                        Indicator Removal

                                                                                        1
                                                                                        T1070

                                                                                        File Deletion

                                                                                        1
                                                                                        T1070.004

                                                                                        Modify Registry

                                                                                        2
                                                                                        T1112

                                                                                        Pre-OS Boot

                                                                                        1
                                                                                        T1542

                                                                                        Bootkit

                                                                                        1
                                                                                        T1542.003

                                                                                        Credential Access

                                                                                        Unsecured Credentials

                                                                                        1
                                                                                        T1552

                                                                                        Credentials In Files

                                                                                        1
                                                                                        T1552.001

                                                                                        Discovery

                                                                                        Peripheral Device Discovery

                                                                                        1
                                                                                        T1120

                                                                                        Query Registry

                                                                                        3
                                                                                        T1012

                                                                                        System Information Discovery

                                                                                        3
                                                                                        T1082

                                                                                        Lateral Movement

                                                                                        Collection

                                                                                        Data from Local System

                                                                                        1
                                                                                        T1005

                                                                                        Command and Control

                                                                                        Web Service

                                                                                        1
                                                                                        T1102

                                                                                        Exfiltration

                                                                                        Impact

                                                                                        Defacement

                                                                                        1
                                                                                        T1491

                                                                                        Inhibit System Recovery

                                                                                        1
                                                                                        T1490

                                                                                        Replay Monitor

                                                                                        Loading Replay Monitor...

                                                                                        Downloads

                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\msedge_elf.dll
                                                                                          Filesize

                                                                                          1.2MB

                                                                                          MD5

                                                                                          91536db5336c0ce4bbb425975d8eb769

                                                                                          SHA1

                                                                                          f6558c8e372e9e3e540e215af954aef10a8d80db

                                                                                          SHA256

                                                                                          fd041eec63e66e87ed7a7e77a06256f0f6f50201431ad916603e1f7d48c62a6e

                                                                                          SHA512

                                                                                          31f587666e6a01191fad7180f1262ac55993dd213d91e8fcd0c9fef4712df55808c4f5a10ed62494ed5018b5d0d5ae9dfc0bd02e4333810a42fe6507b937a44a

                                                                                          Download Submit

                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          Filesize

                                                                                          3.2MB

                                                                                          MD5

                                                                                          7faa5ffa86c7629b995db9db9de5840e

                                                                                          SHA1

                                                                                          a5b83fe6745288cb6fa18450b3f9ad918fe90970

                                                                                          SHA256

                                                                                          ddda6f7397e8ebe11981b6ba137af2d99a72fe3ac1b14afee00737eca6738ed3

                                                                                          SHA512

                                                                                          7aa8e32117951be916c8f829f1f7ebae999292edf45abd4dc8ffab5a21a87ffdc956246b1c2aa62ece63fc39ef9eb7ee0d51fc1a797d0f5051ce0b9216e2633c

                                                                                          Download Submit

                                                                                        • C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk
                                                                                          Filesize

                                                                                          590B

                                                                                          MD5

                                                                                          0ea6035008524c76fd26faf33573c543

                                                                                          SHA1

                                                                                          91bd80777494caee34546ae498e4ac46856dc633

                                                                                          SHA256

                                                                                          7a5b86f4997fb7742028f4017c7a009b8e8eaa234373921e212782f6736cf342

                                                                                          SHA512

                                                                                          d9de3f8d233141395d792473f88863f03b87897a820e0b1f5fb06ab11b1cf7536b2897d707d5a7d14a166fcf0c814c5715042eb8b0afa5c2d329153a562c6692

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          f1d33f465a73554cd1c183cbcd0a28a2

                                                                                          SHA1

                                                                                          f5c16fc4edff600cb307f762d950500aa29a1e8b

                                                                                          SHA256

                                                                                          22d8c228cdcfd3e05431d7377748014035a3488ad3a0d4aecc334e724245a1f9

                                                                                          SHA512

                                                                                          7cc94f77f3943143ee86eabbfddcb110ce52c6ff0975842e3a3d06072f51f2c48914ee61f24484a539888ad19a7e6a1becfb029485cd5984bc736434a63cee95

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          575466f58c7d9d3224035d23f102d140

                                                                                          SHA1

                                                                                          2fce4082fa83534b3ddc91e42fb242baee4afa1c

                                                                                          SHA256

                                                                                          9da0e657652daa1ef86af7c3db62b0af9cce372a5f765c98c68479922ccf1923

                                                                                          SHA512

                                                                                          06503e718fe967076dd8a061b57debdc663b9616b005f8567099a84fc7184880633079335d622c243918efc3356b40e683708fb0583084abeed7db6168a212ab

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                          Filesize

                                                                                          211KB

                                                                                          MD5

                                                                                          151fb811968eaf8efb840908b89dc9d4

                                                                                          SHA1

                                                                                          7ec811009fd9b0e6d92d12d78b002275f2f1bee1

                                                                                          SHA256

                                                                                          043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

                                                                                          SHA512

                                                                                          83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                          Filesize

                                                                                          62KB

                                                                                          MD5

                                                                                          c3c0eb5e044497577bec91b5970f6d30

                                                                                          SHA1

                                                                                          d833f81cf21f68d43ba64a6c28892945adc317a6

                                                                                          SHA256

                                                                                          eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

                                                                                          SHA512

                                                                                          83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                          Filesize

                                                                                          41KB

                                                                                          MD5

                                                                                          9d3881d3c9400536a0b3d78c867ab8be

                                                                                          SHA1

                                                                                          8544210a4e0bb56e91b98a7615e0144432fa4a06

                                                                                          SHA256

                                                                                          147e0558bde7300e6fadc9284009077a4cd6794ef77d909e502510b23e69f7bc

                                                                                          SHA512

                                                                                          2c5a1665e3c3c459b9917944009b1c9027912e7876618cf584eaf9e72040494cc547aa232c925032e7d9a461e95590d1c2cce9f8b1560fcfb714bd69f731b5c9

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                          Filesize

                                                                                          19KB

                                                                                          MD5

                                                                                          76a3f1e9a452564e0f8dce6c0ee111e8

                                                                                          SHA1

                                                                                          11c3d925cbc1a52d53584fd8606f8f713aa59114

                                                                                          SHA256

                                                                                          381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

                                                                                          SHA512

                                                                                          a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                          Filesize

                                                                                          65KB

                                                                                          MD5

                                                                                          56d57bc655526551f217536f19195495

                                                                                          SHA1

                                                                                          28b430886d1220855a805d78dc5d6414aeee6995

                                                                                          SHA256

                                                                                          f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                          SHA512

                                                                                          7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                          Filesize

                                                                                          67KB

                                                                                          MD5

                                                                                          9e3f75f0eac6a6d237054f7b98301754

                                                                                          SHA1

                                                                                          80a6cb454163c3c11449e3988ad04d6ad6d2b432

                                                                                          SHA256

                                                                                          33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

                                                                                          SHA512

                                                                                          5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                                                                          Filesize

                                                                                          88KB

                                                                                          MD5

                                                                                          b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                          SHA1

                                                                                          386ba241790252df01a6a028b3238de2f995a559

                                                                                          SHA256

                                                                                          b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                          SHA512

                                                                                          546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                                          Filesize

                                                                                          1.2MB

                                                                                          MD5

                                                                                          c71e53854f68266b9b7f2151cfcc5c32

                                                                                          SHA1

                                                                                          356fa2aa7d9a8c7585d846fadde297d33166ecd6

                                                                                          SHA256

                                                                                          ba4913f000f60e3762611198396ef0bf07204cb4381a74d83328e6369eaf39b5

                                                                                          SHA512

                                                                                          d261f7efb5490d0e9e11517d1e96d8d090bb0a64584565afe335ab9becb54f399e5eea088156c999004b771f4cabaa107256822bc1c4085194a35744d7915270

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          5ae9ceb64f4d1785a68850e742e00f94

                                                                                          SHA1

                                                                                          577542b2abb773f13ded7617f3ffd09903589bb5

                                                                                          SHA256

                                                                                          97a161279eea7cb1298a0964146c46c7e517c7450a047822572f4cfce2b85251

                                                                                          SHA512

                                                                                          6c7ee9934cc20a75724efc9282c146ffd5d9b6244d2e86f131ccdf2b525f383df096f61e1fe03c97097386f3d4b9165981f4d88861e2827b8b2b4a335ddcb3b1

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          05ac5d73e4cba8e5d8e7e25efd4e0e1b

                                                                                          SHA1

                                                                                          ad7a9f6a2b0aaf8e6055aab9d0f31fb6870a351e

                                                                                          SHA256

                                                                                          02ea1c48f8b20c30082b363bb44b3e4c23324fba04ecac9c62c2eacce2a2f040

                                                                                          SHA512

                                                                                          2f63875771802fa85f1444cd1d675baf031e6095fb9606df777f4267183c1965deecb7cc428a5cf3301b82af9d6d7fe1d853bdc86f87ec982878e302b148eb70

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          cbb03b5b8f197810c2a79118543c2bdf

                                                                                          SHA1

                                                                                          7819b497af941712a3289f8ee36923f9df56be7c

                                                                                          SHA256

                                                                                          2c1850829c23d8c87e81cf2cbae9250f41e7caf5d43aeb26593de7e1c4b4b9b4

                                                                                          SHA512

                                                                                          ee7e630a8581ed9658c283adc05ce129433b4132abbe858435530f175b465b682a776f881c1af30f726542f3968d777e2ccf329dc143d3000a9715ec5fe06444

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          0232bdc77551ad78713338407c243ea3

                                                                                          SHA1

                                                                                          e969e7145832c1c40f37a4c1edb939e913db9ea9

                                                                                          SHA256

                                                                                          78ee088cccd3c52b0126b2d5acead2ca665155062f8f18a1697a837cdb819959

                                                                                          SHA512

                                                                                          4f884b58c1d17dd48881251f7e1b5c46ec6729d2933c951ac2e7eaeb3788c91136f5ccef828df325118b2ca0a0b2f2b6cd9cd56af812d4b501b243594627ae07

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          609851ad73094e76e1e165aeabd185c5

                                                                                          SHA1

                                                                                          59d021bc8380678d9ef0425cf8a7ae2759c53ce5

                                                                                          SHA256

                                                                                          31f049f33c86d6e3b0990f4e4f04744d17db3b32bdc8f3b59d2bbe31b652e07a

                                                                                          SHA512

                                                                                          92b9a71c65956d704622183cc93f459c4ea47881a23e29d93f158865b5a3efe827c73d332630ad72f30eeaa47e22a574b73ac44d2b5a1e00d04983044e373c89

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          168f6c354948dd062fba0fc9585da64e

                                                                                          SHA1

                                                                                          2dae4ef352ee2c7c4955b59a79b26a090f2ba110

                                                                                          SHA256

                                                                                          2da5af4333aa66ecc2d41588ff75b0f23198550b5cfea331e4858f0365dc2d4b

                                                                                          SHA512

                                                                                          d5c8ee766b2ca89dd6c6ca95b5e1f27a1f56dcc305b1696a3faf0eb88ae52d606e61757a9d406b4d0a7a6f2c8ceb602a7332e56194237b9dcc288c743d703deb

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          5ab2cd865709dd63f3ff9adeed30e674

                                                                                          SHA1

                                                                                          f674faf7cafdc396a0b65c22738356a39fd03e7b

                                                                                          SHA256

                                                                                          9e16e20b8d46154996df5502bb6972ddfbaa50252a54f6e1a70af6b07b01ee0e

                                                                                          SHA512

                                                                                          e6c8fec0069132fc4bb03c8bfb7f090f91e3db7d9c994a0a33653b292a21f11401965205caafa22747993a8c941e725535b2c4ae55516b90929661db83358c49

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          73e626659c95221be97254e583a0d9ff

                                                                                          SHA1

                                                                                          27d6f38d4ffa902778003ba74d41f996f3c8c1c4

                                                                                          SHA256

                                                                                          caa03d51d4ce3c823a5d3c39cd762ae11af51473562c0f24b4cf40c0b65fe8e9

                                                                                          SHA512

                                                                                          0f56c06d802915434b3338bf3c08812c2897402f618f17ab4efd6024b76accc396585f6c50b7d3e07260dbc55a94ed53a01f30c50a18b6c0309b27ed39a71cda

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          861df7d1dd35ea2031bfd660a2790044

                                                                                          SHA1

                                                                                          e53efda102282ab8e7f42721b95a0095f7e91600

                                                                                          SHA256

                                                                                          574c14d859ffec36908d283f2055008c6f108453c5fd69587471568329e3f80b

                                                                                          SHA512

                                                                                          2249c72fe7b9eba280113457fff5dbb1e3e4fe7154f7ca2f0ef611633810bd01949949cce2443cf5783a19ffe30baed2566cd53bfee33656c7619234e956a844

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          bf0bd1911cdc8a6272b4fe79b386f8e4

                                                                                          SHA1

                                                                                          ceb72e39c5cd1d8ff7d6f984ea4b3972b04d183e

                                                                                          SHA256

                                                                                          420baa6cd70e8760482eb5ae30e77ca4ce0b35a57ed66117f56fee4497e2d1b2

                                                                                          SHA512

                                                                                          d652349fe88afe12a525c63ea6ead73deb33ad2b64ed93a5ced4d4357cf65d6b38f120fb5b9f66ec382d18d52581cd8344a3242e07fbb9f4b2a3861cc3049eee

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          4656b8c7327b549d397d31c56ed4dea8

                                                                                          SHA1

                                                                                          a6dfa589092e693b60ce5f68794a5d96d7fa2205

                                                                                          SHA256

                                                                                          a217539dbad61d8174c3331dc4917c360c06f6806a8ee396dbe9cb87eed92b62

                                                                                          SHA512

                                                                                          2bd0b69d7add014d3b3d0bf5601a9310eab146776b695022c3b143fac4e34704f72394faada571c2232fa6061328c6e11154c772b102f77b0796389a474511b3

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          4a134a8132e2a3e542b85d535fe04f24

                                                                                          SHA1

                                                                                          1f2a7ed4146d452de7f1d146b9a2613bf8a3e4dc

                                                                                          SHA256

                                                                                          33dec6735aeba23547ecb1bd1b608194aca9ae9c582f345d2c1e2ab354b54f38

                                                                                          SHA512

                                                                                          47d397ff4b4ba9c962800ff58487e1223945c9d7fd4fc7eb2d742cc3fc617f2153251facb58a36e7634480c6f16b3265fd7838301481589626a286da89c3135b

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          fae134525c466e1b519cf3869d83e920

                                                                                          SHA1

                                                                                          fa73b7097c74549e0ceafc053866132f3b6990d8

                                                                                          SHA256

                                                                                          a3c872178e031eac4926dd33330565f66fa91f86ce62b82a72cae6be8dd97c0f

                                                                                          SHA512

                                                                                          c81a074a2b233b40d7dbe703d74c20b4f3594c7aebc27c6d2e8dcb6f8006433240f31e3de968c8a7067ce7c2d95667ebf65ce3a6f94615060a26fd29b8575e64

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          48c66dbdc485d62238f9ea271a24bbeb

                                                                                          SHA1

                                                                                          148a64c8715237a3e0ee6c6900cc5474ed2c37d5

                                                                                          SHA256

                                                                                          d79074b44c9d30bd71bc7542976c5e410f60de39527e7d10206409cdb764d4ce

                                                                                          SHA512

                                                                                          0bde31b011629c10f3daeea48a54d85258dcb123a5690dba6a51a6a3ffa358854def973f5f23a2a8517710ca1ab2807628d7ab6e29accda194adad1b12ce49cc

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          3c28cd5f6eedbc43b3c2f16e1cafd15f

                                                                                          SHA1

                                                                                          05fc493f9aa05595ddef95ef93251eaf6e42179f

                                                                                          SHA256

                                                                                          d375a78f685a1fd247f3940b1e66f11f97c5173a6a9bfcf1515e566e97a07f1d

                                                                                          SHA512

                                                                                          43fab8569ccb4c04c054dbef0eab8774aa01e8eb228b5e19ae2faffa87b7c64a024404d6fba82227661b17dfef7838607841c050619f6ad028c47f7ab62bbd54

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          2442e4f13090958db0cbf025345e88e6

                                                                                          SHA1

                                                                                          7dfcb61333eaa8396d0b9c11969e01d1f18df9a6

                                                                                          SHA256

                                                                                          7792f37a17a9beba7a227139733de2cb586d8c2ce27dcf2f3800f6720db49777

                                                                                          SHA512

                                                                                          b6c72f1c303d327b95dd7d4bec08108edfa9a45b292e4ded5d45495d38c5cb84c5396647e788fc6ca642c9e34db345f40cb87d4b8d11ff18036311abd4b7499b

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          f64fa7d96e52e3ddba34cb24c8ba3948

                                                                                          SHA1

                                                                                          aa1fa37d0c5f77cf4375e6cda1815140bcd8a872

                                                                                          SHA256

                                                                                          5dcd41ee91e3c436047cb236ecc1c2f873db0c6f4c695f1659360b341269359e

                                                                                          SHA512

                                                                                          6d1adcb69edff7d43127ef14f417e59e4ae415e5b0f5169a6177c09222b002cb6d97b86ff9c0a1bc67a48640b091eb2235765ff8e666d81e536e26b05c0b076c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          f35ec0650b1ff829629a140f6bf8b4f9

                                                                                          SHA1

                                                                                          d69456389464854740559c423546d01017ada272

                                                                                          SHA256

                                                                                          d2e805d6de094477c0d3a78422b791023d40c2d4187d62401a93bd814031c119

                                                                                          SHA512

                                                                                          565b9e9df44deb5ccd0295bca07ac3706a576a47b6c5671eae8f878596fa9c8642ffa7c8ac51433ae7e409e2b471084065735a13f09f5aea04552d55a108b20c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          d4da534038e65d678b460901392faf6d

                                                                                          SHA1

                                                                                          7af4ad4b05dfe39ea5873fc1d846b4a733d81918

                                                                                          SHA256

                                                                                          34fbd0f3d2993e37b65baec68dcb41977f46bb76e792e8a402a9afa7ea8389e8

                                                                                          SHA512

                                                                                          a2a73e7d1dcccd27daf11d730ee86c1b7e4f7672aea37905d0c09761a1dc8b035ea020ae1c1a587c46e609639918ae33018145402a93bbbedb7f30f9878e3d16

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          e0328bb9caf580ce2fc119c53f2c2cb9

                                                                                          SHA1

                                                                                          13e0d854286aa70136b971c2efeacfad11803afa

                                                                                          SHA256

                                                                                          811b73bc5613d450ef509899216a9d95ee32cd63dacf4ad39ad39a6cc3580536

                                                                                          SHA512

                                                                                          c93cf1fc62284eeb47f0357db7f33ca63e7537cad79187ac8de546f8e3e8be648575f4800973253027c3ccc91a5711713bc069d5b79787c4e250239644674a7b

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          fecff3eb1b73a0e33a2fce2181ab46d2

                                                                                          SHA1

                                                                                          932d4bb165d15f6bca97f1e393b0e543b96d6dc0

                                                                                          SHA256

                                                                                          9f714d51d64bf61223fc2742a797039f8916fc770d9acbf787e0aa40f76dcf19

                                                                                          SHA512

                                                                                          874f110d3279ef5ed644b4fd688dff4934fb1883e90e9233e5bc3cd43eeb51058ce4197e9993635596c7a7b034d5b437804e6f4ffd200f1a828d18c558870efd

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          35ae6d56b04d339a6ae89e19bf83328b

                                                                                          SHA1

                                                                                          910af5d644eba1f54cf44f8e6a067798874c4ec1

                                                                                          SHA256

                                                                                          70dcfbec6d2c8a50028147699bd670ba7e19b6d80c99ae83360956fc93347815

                                                                                          SHA512

                                                                                          a58d02137c1186e5a90641a6364e922fcf1f7c9dd4d23a1bd4f8da512b05be8a432a1f9d78922dc935405a759a742502ea9fa3e4545c600c4094deb50cb7ba97

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          1bc37bef6ab2fbeacd0dfc2e8ab64e06

                                                                                          SHA1

                                                                                          2b2500876ebb9236cf4382533f89ca3f009879c5

                                                                                          SHA256

                                                                                          e0916cb2042cbe3df8945105b11a5cdf02771b1d2916c89a181018a32de9a51c

                                                                                          SHA512

                                                                                          72a05f89e4c6b4cb4e66e4bcae8ea04a1ef5b47001fcd2ad14be582786bdbf29252fc33fae3e57e92f9d5833c8595be339ee70eb05f269a3c18f852a750fb0cb

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          c28768174a70e9606319dc308ed00a05

                                                                                          SHA1

                                                                                          ab00ebda1124c81a146cc5d0f74e93e6a9bad35f

                                                                                          SHA256

                                                                                          b0a373f219dbc9d3a627e3b2c00e725d7012af7c6de42bd4803efa8ef335285d

                                                                                          SHA512

                                                                                          468e7f960ccb1c2ccd1dfb3010290115a219c9371af3290472f329b5b1f2a947e8f0c484d753828fa40a11fc681158bf0ba9dd014431b0e49c22181e90c640c3

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          5e88082b28ff0ec2f6a80295dedbfd3f

                                                                                          SHA1

                                                                                          7bc673ba7e76a68ded32fb58a6f8e521e3ff0938

                                                                                          SHA256

                                                                                          f18e959f0b4bed29a4870774b188414285c1f4c3527fcac7e60273dc2bd9645c

                                                                                          SHA512

                                                                                          524b0cffb347fb49cab16b1d4d4369a1dcb0c4619758619c41d6212af0ba5159cad17f7afb3ceae8db362d23ec8f6caec859a3a6000f7cde0d8c4b3af51ff808

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          4a933c7452703383636637fb653906fc

                                                                                          SHA1

                                                                                          6b1fa857ffa1edb35e26424d871f8fc07b01549d

                                                                                          SHA256

                                                                                          bade3b30ea05a6f5b9eecab4a5da4dcb469c57e856ea5f858341c502f59e0297

                                                                                          SHA512

                                                                                          7e85768bb63cb3c9402cb7a6fe61e5f2051e0d87920cd214b1d679345bd328b9fac2d650fdfebbf3896f17f44347810703e661251b750e2bdc940808e815ce89

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58292e.TMP
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          c585c0d2040442aa47c965cd5a91d315

                                                                                          SHA1

                                                                                          de068e9d811f8b7305b5c73367b9238b9e5d4274

                                                                                          SHA256

                                                                                          2150280b86778c27de45a84f86d4736d4d38f543e2b38fa9d0e773fea06e0407

                                                                                          SHA512

                                                                                          0589412a5068009d2a6b75a7ce808c6412008d746fa462da4cea562340cfd6d8d450bd369ed560d5983f5183ca15809b040a29308dd6616a218e33b7d76d9cfd

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                          Filesize

                                                                                          16B

                                                                                          MD5

                                                                                          46295cac801e5d4857d09837238a6394

                                                                                          SHA1

                                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                          SHA256

                                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                          SHA512

                                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                          Filesize

                                                                                          16B

                                                                                          MD5

                                                                                          206702161f94c5cd39fadd03f4014d98

                                                                                          SHA1

                                                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                          SHA256

                                                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                          SHA512

                                                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          fbd5416be5ccf9011fc7974a981ab551

                                                                                          SHA1

                                                                                          bf7e0c0331d15ed1b1f2a82aaff5eaa1cf0750df

                                                                                          SHA256

                                                                                          202c9c37855fe2999f3176ac92e534eaa7800bf7c5b3ca492c4230fa313c0211

                                                                                          SHA512

                                                                                          aef9920a3d877127ebbad2aa9a6eaccc4530221185b943499e1f3b5ce75c1e242e8e9d8dcc73e2038a8724e2a0525869eddfd6a14e9a1f8c559733dd64dc4c2b

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          ad38a03fa0914625a99e1068bcfd4aea

                                                                                          SHA1

                                                                                          6ba98b1a8f0581ec6c8e2a61cf126ae21f0094e3

                                                                                          SHA256

                                                                                          3fe5af12fa330f9aa2cfa694ababa7df4d77796e4971ab6b1c4a2771bf6ae262

                                                                                          SHA512

                                                                                          50f349855c6f44f7161dae9b40b09315855aaa357a230fbba2efb7239a39682dd0d2af8318eaf317aaf8f89bae416983dc105e2bf7a25c7911c8c77e10d9e42f

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          890a7876e2752aa00d64dc666fb16512

                                                                                          SHA1

                                                                                          3d3dccdabcd9aa5b16b4bfefb42ca63eb39175d6

                                                                                          SHA256

                                                                                          7070125c5cad099f3bb9e5786cbbc6094a2b20afab869789e065b353db1df394

                                                                                          SHA512

                                                                                          2fcb6135c08e3c9033a599b7c81f22bea27b231109666b0ecd265a9c149e09f2fc7f2ab46611c23370bc32da442b8ec65bbbab073cdf825623143e952bb61a16

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          43b31a5ca1be1764f138c29c3aaecb79

                                                                                          SHA1

                                                                                          df12c173c65048a09033bfe40309339f96f92c97

                                                                                          SHA256

                                                                                          096dee7692c3740c8460219fbc16988422f2feda95292371be35abe25a8ccbc2

                                                                                          SHA512

                                                                                          aa629735ae38f642b234441d7c40b5cc8465219ee405865324c78c05935e5df96f95144620b0c0501a3cec95d808ddaa1de559a7d2ef5a5b55f51b1344f6e547

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          a5dc164ff0be63d1fede1e473e74f5e4

                                                                                          SHA1

                                                                                          1d134a0de9400aa0f1e8ae1a03cc0e2abcd1aaf6

                                                                                          SHA256

                                                                                          bc0f368a955e2f074bd5332bd0bd40a9b2067f348540739874d25fb66472e861

                                                                                          SHA512

                                                                                          045375711a0bbcbf3f2343fbd6d75fbb7916fcde50cc3106f36e58cfca8d954ee7c9ebf10584b8bf561d9cd761c1b1159569cd446918b1b1861979889fcaea6c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          8b2c4eebde4363fe6ead2fbd4e229f02

                                                                                          SHA1

                                                                                          de1347f26d0f2a471c00da9d8d5b7b49b5e01230

                                                                                          SHA256

                                                                                          0978be55c0a8161ccbc3960cb3c0897fcfabd09917ec519efd2fb6b75b7aef1b

                                                                                          SHA512

                                                                                          d79681417b3039f06ffc8cc5305061492ccdb19f481b838681ee6e573f34cbb33e88b69ec7aea7c7aee636201659ec878280a479d7668f029ddd1a0fbe5db63e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          74cf0175cfa2e8ca4d0420df5c522371

                                                                                          SHA1

                                                                                          39ea7edb2c83074ffb86e20a9d01404272538540

                                                                                          SHA256

                                                                                          89f906c05ff6c8f8eb09373b4d52f5ad9457c3d5750c55575d36f03d4e252c10

                                                                                          SHA512

                                                                                          9f01b2fb4026232021d6c05360d44c1ba24f6d083193e4061d516b2d94540b02ec3db3cec7c359477a2b36458859ccce1ad94bd5f7358bf409a280bfdfc8376e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          0cf7175bc0650524c4d5b0fb1d0b73d7

                                                                                          SHA1

                                                                                          b287a96df7feb20b3b05f10642acc0e5387cba29

                                                                                          SHA256

                                                                                          f8f71525a3cce8e12922dbc0b4ec3a2b5216c92c3b960b22295ed2178d25b38d

                                                                                          SHA512

                                                                                          4880c0ef1f4f1617872ccc71aff200371306f1c4284b3b8574c44f2d3eae4b46b45c3baab87158a158d9b1629f3061b5ed0dde282c5b741da6c99e5ec7d3453e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          f14d35e09a6dc5894408e3e4d2b71cdc

                                                                                          SHA1

                                                                                          df29ec121d401c6894fa1abd4ccc73b164b2beff

                                                                                          SHA256

                                                                                          8880a0b04af6e95fed9d68f98585fa976416a373ced4706c535bb37a8820d984

                                                                                          SHA512

                                                                                          e5ec58fc970dafb685f6990b213447e9fb4e40a14c25a79567f619d68be5b05061ef736110026d389c343573e30fe134d0de442b53593af54dd29b3c446d306c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          41f62efff38a9b0557e99b64771c82f6

                                                                                          SHA1

                                                                                          6645c784761332151ecd67117935a06d54f7e202

                                                                                          SHA256

                                                                                          2caf7f293bf4c39090340fa5b10d3d68b55545fa9af6b2249f9a203b3af2a4c2

                                                                                          SHA512

                                                                                          e567b0aab4d6406d7d7211d82173b2243fb3c37f56a9efa912cf6b8b59e1dde5441ec9ed1a14334f055ed4649afe300ada2309c4d7188c26fb11f75b966ea61a

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt
                                                                                          Filesize

                                                                                          846KB

                                                                                          MD5

                                                                                          766f5efd9efca73b6dfd0fb3d648639f

                                                                                          SHA1

                                                                                          71928a29c3affb9715d92542ef4cf3472e7931fe

                                                                                          SHA256

                                                                                          9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc

                                                                                          SHA512

                                                                                          1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\!Please Read Me!.txt
                                                                                          Filesize

                                                                                          797B

                                                                                          MD5

                                                                                          afa18cf4aa2660392111763fb93a8c3d

                                                                                          SHA1

                                                                                          c219a3654a5f41ce535a09f2a188a464c3f5baf5

                                                                                          SHA256

                                                                                          227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

                                                                                          SHA512

                                                                                          4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Mabezat.exe:Zone.Identifier
                                                                                          Filesize

                                                                                          26B

                                                                                          MD5

                                                                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                          SHA1

                                                                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                          SHA256

                                                                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                          SHA512

                                                                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 340938.crdownload
                                                                                          Filesize

                                                                                          73KB

                                                                                          MD5

                                                                                          37e887b7a048ddb9013c8d2a26d5b740

                                                                                          SHA1

                                                                                          713b4678c05a76dbd22e6f8d738c9ef655e70226

                                                                                          SHA256

                                                                                          24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b

                                                                                          SHA512

                                                                                          99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 405020.crdownload
                                                                                          Filesize

                                                                                          219KB

                                                                                          MD5

                                                                                          d5c12fcfeebbe63f74026601cd7f39b2

                                                                                          SHA1

                                                                                          50281de9abb1bec1b6a1f13ccd3ce3493dee8850

                                                                                          SHA256

                                                                                          9db7ef2d1495dba921f3084b05d95e418a16f4c5e8de93738abef2479ad5b0da

                                                                                          SHA512

                                                                                          132d8c08f40a578c1dc6ac029bf2a61535087ce949ff84dbec8577505c4462358a1d9ef6cd3f58078fdcae5261d7a87348a701c28ce2357f17ecc2bc9da15b4e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 461378.crdownload
                                                                                          Filesize

                                                                                          141KB

                                                                                          MD5

                                                                                          de8d08a3018dfe8fd04ed525d30bb612

                                                                                          SHA1

                                                                                          a65d97c20e777d04fb4f3c465b82e8c456edba24

                                                                                          SHA256

                                                                                          2ae0c4a5f1fedf964e2f8a486bf0ee5d1816aac30c889458a9ac113d13b50ceb

                                                                                          SHA512

                                                                                          cc4bbf71024732addda3a30a511ce33ce41cbed2d507dfc7391e8367ddf9a5c4906a57bf8310e3f6535646f6d365835c7e49b95584d1114faf2738dcb1eb451a

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 461378.crdownload:SmartScreen
                                                                                          Filesize

                                                                                          7B

                                                                                          MD5

                                                                                          4047530ecbc0170039e76fe1657bdb01

                                                                                          SHA1

                                                                                          32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                          SHA256

                                                                                          82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                          SHA512

                                                                                          8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 525862.crdownload
                                                                                          Filesize

                                                                                          32KB

                                                                                          MD5

                                                                                          eb9324121994e5e41f1738b5af8944b1

                                                                                          SHA1

                                                                                          aa63c521b64602fa9c3a73dadd412fdaf181b690

                                                                                          SHA256

                                                                                          2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

                                                                                          SHA512

                                                                                          7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 635859.crdownload
                                                                                          Filesize

                                                                                          520KB

                                                                                          MD5

                                                                                          bd76fc01deed43cd6e368a1f860d44ed

                                                                                          SHA1

                                                                                          a2e241e9af346714e93c0600f160d05c95839768

                                                                                          SHA256

                                                                                          e04c85cd4bffa1f5465ff62c9baf0b29b7b2faddf7362789013fbac8c90268bf

                                                                                          SHA512

                                                                                          d0ebe108f5baf156ecd9e1bf41e23a76b043fcaac78ff5761fdca2740b71241bd827e861ada957891fbc426b3d7baa87d10724765c45e25f25aa7bd6d31ab4ec

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 71461.crdownload
                                                                                          Filesize

                                                                                          4KB

                                                                                          MD5

                                                                                          93ceffafe7bb69ec3f9b4a90908ece46

                                                                                          SHA1

                                                                                          14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

                                                                                          SHA256

                                                                                          b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

                                                                                          SHA512

                                                                                          c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 842397.crdownload
                                                                                          Filesize

                                                                                          224KB

                                                                                          MD5

                                                                                          5c7fb0927db37372da25f270708103a2

                                                                                          SHA1

                                                                                          120ed9279d85cbfa56e5b7779ffa7162074f7a29

                                                                                          SHA256

                                                                                          be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

                                                                                          SHA512

                                                                                          a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier
                                                                                          Filesize

                                                                                          55B

                                                                                          MD5

                                                                                          0f98a5550abe0fb880568b1480c96a1c

                                                                                          SHA1

                                                                                          d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                          SHA256

                                                                                          2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                          SHA512

                                                                                          dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\u.wry
                                                                                          Filesize

                                                                                          236KB

                                                                                          MD5

                                                                                          cf1416074cd7791ab80a18f9e7e219d9

                                                                                          SHA1

                                                                                          276d2ec82c518d887a8a3608e51c56fa28716ded

                                                                                          SHA256

                                                                                          78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

                                                                                          SHA512

                                                                                          0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

                                                                                          Download Submit

                                                                                        • memory/756-546-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                          Filesize

                                                                                          272KB

                                                                                          Download

                                                                                        • memory/756-538-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                          Filesize

                                                                                          272KB

                                                                                          Download

                                                                                        • memory/1348-920-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                          Filesize

                                                                                          340KB

                                                                                          Download

                                                                                        • memory/1348-934-0x0000000000400000-0x0000000000455000-memory.dmp

                                                                                          Filesize

                                                                                          340KB

                                                                                          Download

                                                                                        • memory/1348-921-0x0000000002050000-0x0000000002086000-memory.dmp

                                                                                          Filesize

                                                                                          216KB

                                                                                          Download

                                                                                        • memory/2448-990-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-1038-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2524-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2616-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2618-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-916-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-1067-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2638-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2641-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-917-0x0000000000650000-0x0000000000652000-memory.dmp

                                                                                          Filesize

                                                                                          8KB

                                                                                          Download

                                                                                        • memory/2448-2644-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-918-0x0000000000510000-0x0000000000534000-memory.dmp

                                                                                          Filesize

                                                                                          144KB

                                                                                          Download

                                                                                        • memory/2448-2648-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-933-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2651-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-939-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2654-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-960-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2658-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-1027-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2661-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2562-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2664-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2673-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/2448-2669-0x0000000000400000-0x0000000000483000-memory.dmp

                                                                                          Filesize

                                                                                          524KB

                                                                                          Download

                                                                                        • memory/3320-605-0x0000000001000000-0x0000000001026000-memory.dmp

                                                                                          Filesize

                                                                                          152KB

                                                                                          Download

                                                                                        • memory/3512-545-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                          Filesize

                                                                                          272KB

                                                                                          Download

                                                                                        • memory/4156-1088-0x0000000010000000-0x0000000010012000-memory.dmp

                                                                                          Filesize

                                                                                          72KB

                                                                                          Download

                                                                                        • memory/4156-2667-0x0000000000400000-0x0000000000438000-memory.dmp

                                                                                          Filesize

                                                                                          224KB

                                                                                          Download

                                                                                        • memory/5020-2653-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2657-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2668-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2650-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2646-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2643-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2660-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2663-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download

                                                                                        • memory/5020-2672-0x0000000000400000-0x000000000043C000-memory.dmp

                                                                                          Filesize

                                                                                          240KB

                                                                                          Download