wannacry | hxxp://samsunglimited[.]top

Analysis

max time kernel
569s
max time network
516s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://samsunglimited.top

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD7BA6.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD7BAD.tmp	WannaCry.EXE

Executes dropped EXE 23 IoCs

pid	Process
2704	WannaCry.EXE
2168	taskdl.exe
4940	@[email protected]
3068	@[email protected]
4124	taskhsvc.exe
1028	taskdl.exe
4108	taskse.exe
4380	@[email protected]
2688	taskdl.exe
3496	taskse.exe
2852	@[email protected]
3944	taskse.exe
804	@[email protected]
4800	taskdl.exe
940	taskse.exe
1784	@[email protected]
3568	taskdl.exe
1452	taskse.exe
2676	@[email protected]
3896	taskdl.exe
4804	taskse.exe
4292	@[email protected]
2044	taskdl.exe

Loads dropped DLL 7 IoCs

pid	Process
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1708	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\jfugzgoryzqa991 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
99	raw.githubusercontent.com
100	raw.githubusercontent.com
117	raw.githubusercontent.com
171	camo.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661789430879390"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1750093773-264148664-1320403265-1000\{90B0127C-310C-4E4C-8720-53C364CB99E9}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000_Classes\Local Settings	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
4552	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 308175.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
836	msedge.exe
836	msedge.exe
4852	msedge.exe
4852	msedge.exe
1780	identity_helper.exe
1780	identity_helper.exe
728	msedge.exe
728	msedge.exe
2564	msedge.exe
2564	msedge.exe
4256	msedge.exe
4256	msedge.exe
3632	msedge.exe
3632	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
1668	msedge.exe
1668	msedge.exe
2428	msedge.exe
2428	msedge.exe
3136	msedge.exe
3136	msedge.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
4124	taskhsvc.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4380	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3348	WMIC.exe
Token: SeSecurityPrivilege	3348	WMIC.exe
Token: SeTakeOwnershipPrivilege	3348	WMIC.exe
Token: SeLoadDriverPrivilege	3348	WMIC.exe
Token: SeSystemProfilePrivilege	3348	WMIC.exe
Token: SeSystemtimePrivilege	3348	WMIC.exe
Token: SeProfSingleProcessPrivilege	3348	WMIC.exe
Token: SeIncBasePriorityPrivilege	3348	WMIC.exe
Token: SeCreatePagefilePrivilege	3348	WMIC.exe
Token: SeBackupPrivilege	3348	WMIC.exe
Token: SeRestorePrivilege	3348	WMIC.exe
Token: SeShutdownPrivilege	3348	WMIC.exe
Token: SeDebugPrivilege	3348	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3348	WMIC.exe
Token: SeRemoteShutdownPrivilege	3348	WMIC.exe
Token: SeUndockPrivilege	3348	WMIC.exe
Token: SeManageVolumePrivilege	3348	WMIC.exe
Token: 33	3348	WMIC.exe
Token: 34	3348	WMIC.exe
Token: 35	3348	WMIC.exe
Token: 36	3348	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3348	WMIC.exe
Token: SeSecurityPrivilege	3348	WMIC.exe
Token: SeTakeOwnershipPrivilege	3348	WMIC.exe
Token: SeLoadDriverPrivilege	3348	WMIC.exe
Token: SeSystemProfilePrivilege	3348	WMIC.exe
Token: SeSystemtimePrivilege	3348	WMIC.exe
Token: SeProfSingleProcessPrivilege	3348	WMIC.exe
Token: SeIncBasePriorityPrivilege	3348	WMIC.exe
Token: SeCreatePagefilePrivilege	3348	WMIC.exe
Token: SeBackupPrivilege	3348	WMIC.exe
Token: SeRestorePrivilege	3348	WMIC.exe
Token: SeShutdownPrivilege	3348	WMIC.exe
Token: SeDebugPrivilege	3348	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3348	WMIC.exe
Token: SeRemoteShutdownPrivilege	3348	WMIC.exe
Token: SeUndockPrivilege	3348	WMIC.exe
Token: SeManageVolumePrivilege	3348	WMIC.exe
Token: 33	3348	WMIC.exe
Token: 34	3348	WMIC.exe
Token: 35	3348	WMIC.exe
Token: 36	3348	WMIC.exe
Token: SeBackupPrivilege	5096	vssvc.exe
Token: SeRestorePrivilege	5096	vssvc.exe
Token: SeAuditPrivilege	5096	vssvc.exe
Token: SeTcbPrivilege	4108	taskse.exe
Token: SeTcbPrivilege	4108	taskse.exe
Token: SeTcbPrivilege	3496	taskse.exe
Token: SeTcbPrivilege	3496	taskse.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeTcbPrivilege	3944	taskse.exe
Token: SeTcbPrivilege	3944	taskse.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeCreatePagefilePrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4940	@[email protected]
4940	@[email protected]
3068	@[email protected]
3068	@[email protected]
4380	@[email protected]
4380	@[email protected]
2852	@[email protected]
804	@[email protected]
1784	@[email protected]
2676	@[email protected]
4292	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 3476	4852	msedge.exe	85
PID 4852 wrote to memory of 3476	4852	msedge.exe	85
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 4532	4852	msedge.exe	86
PID 4852 wrote to memory of 836	4852	msedge.exe	87
PID 4852 wrote to memory of 836	4852	msedge.exe	87
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88
PID 4852 wrote to memory of 3240	4852	msedge.exe	88

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
940	attrib.exe
832	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://samsunglimited.top
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fa4f46f8,0x7ff9fa4f4708,0x7ff9fa4f4718
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1464 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6348 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3741311811271208518,16519629955844581328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Users\Admin\Downloads\WannaCry.EXE
  "C:\Users\Admin\Downloads\WannaCry.EXE"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  PID:2704
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - Views/modifies file attributes
    PID:940
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    PID:1708
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:2168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 263381721705250.bat
    3⤵
    PID:1072
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      PID:3640
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - Views/modifies file attributes
    PID:832
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4940
  - - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
      TaskData\Tor\taskhsvc.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4124
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    PID:4804
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        
        PID:1980
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3348
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:1028
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:4108
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:4380
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "jfugzgoryzqa991" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    PID:3500
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "jfugzgoryzqa991" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:4552
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:2688
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3496
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2852
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3944
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:804
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:4800
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:940
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1784
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:3568
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:1452
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2676
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:3896
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:4804
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4292
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3196

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9f9e1cc40,0x7ff9f9e1cc4c,0x7ff9f9e1cc58
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4684,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4444,i,4466575807689881738,1263208493523803957,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2068

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
4c8e91d77eaefaad4d7f3e57f812a379

SHA1
04ab7c235339c31d4c989c2749036f2bd82d0f90

SHA256
065e1269a211df87a08f343e35b14f56e583f7c8f50bc13fd65f45bc3a0bf717

SHA512
a85958d53b753b442d83b53211b0c3e2255d746f83455b73ae91e668cab401cfa506bede5f9e020c2304b9ee206b4b3a995ee235d847b2edc39acbf426468d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8eb86da1-8a7c-454b-89eb-33808d3e0961.tmp

Filesize
185KB

MD5
90fb5019b408ca7cf63ea039afa40c6e

SHA1
ea6893667b9f2696adc23427792768b3c005b26b

SHA256
da10d648ddedb1c13132c49ce0be59d0c4ea3d29631b46b260bf8ff3db6158dd

SHA512
5797195bb6ee1f78e97a04aecc02efa31d7f09c48aada2fe161672170039a0193f90b40f53ece5f8ce52a41ca167135ea74c05a2f8272a44e72834642dcfb87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ab04317ea4ef730bafeed10c34e31bbd

SHA1
1c8c3f9e8c1145f30fc9d2a3f965421991637d7e

SHA256
b93a57948f5c5d28b6b4a1dd3c49091820e09b72b76c0882acac2abab8c2c296

SHA512
02601d5a7af3fe1a68ef9a90d10ed6f215639805c7b7cba766e68ee9d22cfa59b56fd44d45477b78172296484049b3425877c74e232512809609108fdc9300a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
69aef09091e726b54e6e0a5b0e07f351

SHA1
6920d092babca2e7af2e4edaeca789919ace0119

SHA256
f161017972093fc0a3e8624b750bf82b72f547162fc33cccccb72f14d3747504

SHA512
37026368ae3326c9ad5c3905363122ad801674d3e8af029ec56a9123a3e68b952ae863f17f1014929fca55ee592946c2ab4ff7f9ed1ea817d5e62237caf3b7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5f559b.TMP

Filesize
96B

MD5
c45c90c576e39141ce55232ab8646a02

SHA1
46c966963a805bdf9e6bf5a4e1a7aace300486a9

SHA256
27ed160feac4aea384574a8c3ebe8b2ce2c2676338a2acbb30ba66267e0fc808

SHA512
7c3f0a722162e4c24ec64c5c04578892573bde07f2af2d54f4f8d0be3568061c8af289755e0b789dba09645991c8972a0274e70dcf8baa16522269c3712fb257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
cc59a86fa1a3ef80979e6b8fc8e0dc85

SHA1
d652019477c53644fc16f58a00ba9a2da549fd0c

SHA256
3e908609533ec5bb7ac5a157773b8f1bd53e1c1b8d6c8a78ec9d638d3cfdc840

SHA512
6aa82f93404e127607a4ccd7be99fceb79904344045c702be7bef74be95f19aaf1561e5e05cd6cffbb79ac8ade739a0873e4429884a2a4c414af4c60e50da1b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
034311110ecfd10c15f6a8a1b1f85878

SHA1
5b7a3cc3a8092c746fe2fa7a6e9e4bee27afb6af

SHA256
ff0f5dc19b6a145c3c4778a0e119e01d31bdedd0ae674623bd45b1dc9700c0ea

SHA512
abe621c2644e7d17af9dea31c301d8d9127e498c4ce588b0dec249fe6d8dbe6a7cc6b076a4a4f8bb22ce28459ab16361023d4b29ab2933c741ba283c4fcee32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
a86f78be1ad9299d72b632fc7d74bddc

SHA1
d0094a4c4cd1c3d9f73ae271774189279e143ba0

SHA256
c1b78a68a7207fe6a94124296c26489dd32fbd02c02b5a785c0740fdab027bc1

SHA512
7b817f0fb09cfc4f598347eb219e950039ee95b0bd60953811168078a9d3f0984f6be82ff2fb75b7ec754e836efa8838eb68dbde14a3221db3348a900666ba55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
1f06c486e01f946767c8488802b1d687

SHA1
14c14779ecc6cd52f051a24530a48b6c3757fb0b

SHA256
fa9d286877f20eb0e46264dcf61c43410cd2041f486a0fc40d5f5cd2e1142197

SHA512
42535b616b81571ea7563f41647fc97a4d51ec4381003adb0f518ea72847bc0a26688df29f3085934dedc7a94f7efb53d39454e9ece8fcc3b2d42af0b79716ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7cbafae42695dcdef53c9ee77426a1f3

SHA1
189661c0c11d8e596aecc3da730e95993e43c45d

SHA256
7f4ba5b9b38e72064f2d5124662397c0c369c9e4655b04ff108bc14348ea7b8d

SHA512
9ec5273c276814e0731db5075eccd9f5208193dc90f2bc61942a953d93dacaa483335b0e53e26d1aaf576a8ee7a37f81510f584c93967561e6a6f9e86c587194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efc5f704eb172ea11a676b618ce1a7b0

SHA1
e5f4f2ce1d36c1725ab5aace0734d38eb75efb6c

SHA256
28a759d17a1de0d94d4c20d410d816917b1b07b74d9489c70f318c18294f9dd6

SHA512
990165c5fafc5f244a788008d6104a337855d9016103035088359088990b74d2f39cac00570bcae36198fb18c28439275d5709d66e7c5e5dcdecc50ee50ccfa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
10baae7f8c421f11f42a1f6df73b1548

SHA1
953169cbcccba04eda262368a6c392bde59551f3

SHA256
cf6be4f222b3a34ad69221e09c373fbf8425ba43fc31765c75acf49f3a61f08b

SHA512
03c9cf9a8039139c492a8b4e439d01ab021ea39f768452f376a0f57c823199c241e6e209b01bad869bf0fb087a4490578a2f23dc1a772cafcada7fd2d431b244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
072518e25845e28390dde898bd0753f3

SHA1
27997cc42929493e342b9785ccf1dd3bfff8ad9f

SHA256
0ef7e052cb95856cd6f422421340c2f2224d4e1557fa795243276aec55ffe005

SHA512
9eed631e3d03bb837b05c15ec2ee142ee5646416d3e64077215191f278053d628c4e05923ff6157d2fb7ff8291945e4c866b56095a4041ff059d7bb2fcabb3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
8a5e5645afcc5864f6d72dd066964ea9

SHA1
fd96745f8747f9b3db16e12bba7001d85e4477f9

SHA256
66c5d41e3968886c65673ae206f8dacfecfc56e186c61b2164e4a0d50388faff

SHA512
d529e1fe343c75e9bfab9a4c26c035b951db5aa96d548b7e78aea421086140bf44507c24c391b7f555a7cb68cae1429a88f52bb2898efbcb924e06fe471094cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
78b45f66500680832e342e6fb8f0c7a0

SHA1
457528aace12ab0b6487a490d7b8a6adb13dc8f0

SHA256
5cb9b5d3fb0be382aa00936369c7589c938a438c3942c9883072dee465458c00

SHA512
6c1aad5408b7c02a828596f5030fdd310b78b79dffdf3b3dd997aa26802b55026bc18d7fff44a0e3fadef8087b43964262a9894fd4fc06de1b229bbc6d3b2b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
f379276efec34127fed6f06101a024d3

SHA1
279e8e9dc86c622343e5bba17043d893c9224086

SHA256
1f92cc266344c34ab3ba73fd7107c0b7d53de896e47f3683c9e7ea4b1e74b8cf

SHA512
a87e994179341eedf39393fd4b7a57e8ac341f43bcd846c3bc16da9632921c08566be9ccb1b3afc0a1b9a9152c6a1339bff584401aaeb7f1cff7a36af66db5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
21KB

MD5
1d360b4556cb737bc22f87dc83cdec12

SHA1
2401ae1c316e52652ec9a309d5db2e0801ec4bd1

SHA256
5bc8f420585a110767d782fc3bc079c38cbbde4cae27e7c9ee0f4316e2c75805

SHA512
305d885a19fd8fbfbd7b9c13de9461dc07392ecf1a351388c60bdbf51862ed3d7ab995b578f884de4702388d332a5a8b6b8204cf4519ffbf303642b401dd3562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
37KB

MD5
f9a90d58144602c12373f3a51ae11c3e

SHA1
50930fadc719a0cf689f480f053fe55eaab64817

SHA256
477adbd55274ba5f7057f114fd4c4908fe46d7f486c7cd6dfe452a80ff0b7c82

SHA512
0f06561a943bdafdc0f6355ce4a5dd2a3daa348d621ac8c0d95632d5bf0458b4068803af0f3e9819496ed750299a63e6eea88c53bd2816c757a0e4c721d7e4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
25KB

MD5
6f0d8c2d86b40b21934ff819a3961667

SHA1
2e411280d2191d0f9732fe01ebc522aa87363b34

SHA256
8ef59cad09decea1d3b42a9ddd4a9b25a6c7d7bdac03d0621b4bef1448276c88

SHA512
b9406b8e4f3ca0fb1a45d3ce677d12a84c83c9c1039be109b0002c4a42435d68107cacaec2e07474b7e9d48e6e00df1734e33d1b18d6aac7a604ea6500e01024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
17KB

MD5
d7580dce32412dc9d53e8911beeac7e4

SHA1
fb93b2d7546f30ded645e40c4ad2ae962bced731

SHA256
136b2c40697b50198694dcf1ccae005f9a5dcd15b3d67bb48745df477a49df06

SHA512
2440ddd41e5d17fae4ff5e261d2d4694937f27d94292f1424c398585471f71cd20131f2babdf3332176ca2aa191bde920aeadb15705843fed3d4183fbfbe6e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
681b3fc333cae54ab17c3dc34a8cf707

SHA1
071db9942e4b9906a67f1af7541bb039e6816cc0

SHA256
e6b305df0502b1cbc3d021ee9458ae110695004559ddb1604c86ddb5fc8dd8b3

SHA512
0d4609fc0bd421d8ca30847ce83e2b594169226b13e6aac75ab0b31e0268139ffe406eb277c5511f09cb7809d5d848393ada19d57a319c15ed295b7f033fcde9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
57KB

MD5
0c9e3a7c52fcf25e3d9c01f48335d318

SHA1
89e68457fbadaace6a842db139171a6ac111800a

SHA256
642e6f5a9e403ecfaa678ec716e9dcc9ffe6071e2515f5eba0e2fd601d0796eb

SHA512
9287ff7adbd7580f7d738f9fa9b6e0e74a51edf79c3a0590102713c7551a732ed4ccf9f02247c8e7ace4cb6569c9d4bdc77e5b1e7ebf0ca786e2ae965efaa684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
53KB

MD5
8fcb818bc23425964d10ac53464bf075

SHA1
396f40d25a7d38eed9730d97177cd0362f5af5d7

SHA256
8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7

SHA512
6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
23KB

MD5
725e1be4ba45c58e9d87825f0e149a9a

SHA1
118ff3550886039fa98cd59b22a059aeef251340

SHA256
d8c47a66d5c0c1a9f935f93f8706a8a6fc716f7138dd18f0d3787396a21d1422

SHA512
cad9f0e9037211f48bc5c2cf8caa6443597b012a35ac6a925dbcb87a5323806f917acd2a327038129b8e1f4629f64f49c59233e02db03bd25afa707a3ebf6b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
132KB

MD5
01088b35a7144b96e1c65db9ecf5aeab

SHA1
3d5b4a4fafdc3867adca4a4a640d6296bba06f82

SHA256
66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f

SHA512
bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
22KB

MD5
015dfbcf0c986f99bc0c1d6ab9fc162e

SHA1
6dff455e6dcdec9ee55ca25edb5f8edd1803f3f1

SHA256
291c3acf9855517f481cf0d64ba43f4e085381d857589ed5fc75905c82133951

SHA512
1d34e7bd775cc7b70371a579de085824a0eee0c6ae81dda89d51500c51eb0163987055a2dbcbd9ea191ee8b35ee0cfe4813bde076bfa5df0428ba7e043a6522a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
239KB

MD5
3ad6374a3558149d09d74e6af72344e3

SHA1
e7be9f22578027fc0b6ddb94c09b245ee8ce1620

SHA256
86a391fe7a237f4f17846c53d71e45820411d1a9a6e0c16f22a11ebc491ff9ff

SHA512
21c21b36be200a195bfa648e228c64e52262b06d19d294446b8a544ff1d81f81eb2af74ddbdebc59915168db5dba76d0f0585e83471801d9ee37e59af0620720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
4aadd820dcc3203129827d3fd44c2faa

SHA1
4c4be3230b91280697bd110c9960f4acbccc1e97

SHA256
682ee1e8e1615d6fe81eaf4eba30b75cdabb1228f9caf46175f1a69199c5d9bf

SHA512
ad4e3e2ae1d867bc8f6a533f25f8747f0cd161199b6a86509646876aba42c465f3622a86298f093cc2819073e75c00f2447234321894ce54982a359d0c94fdc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1f141aa38285a3d68b011d6392499126

SHA1
061d688d6bcd35d6c32bb08216233e3d8772b5a0

SHA256
6889a11e0f1c1d266f1b5da47cbc7a65e985838398b867add372e7f817c2e559

SHA512
91bf194ced234facc078fe21a6378b429728250d1bb3a9955ecd9cc76bf7d92b8a0cb0cec2879f204f4a5beeeec2b354e2165a2dab65d67cffe4b7db8b0b6a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
674e853c3b70d6fc5487b7d4d5f56015

SHA1
238c5189738673e43612d0e7f44a006bda9e51d1

SHA256
66073b54b5a2ce009bd30deae39e9d3a582120737fcae35ce215d293419f18cd

SHA512
e8f0a16fa97903c9ce56ad5458bf320b641058dea8ce6df44999747516633fe2d1c9d5df67f6d9d659a85cd7d151c5a8d69e27f53229f0e4222135d1e2e1d38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
796B

MD5
0d6bdf216fd3a3737148fc3f6df9486d

SHA1
e623f90fcad1a6fa5a6a7b0916e877a63e7f25df

SHA256
466f598d8b96c3fc8f3d456f3207abf3446ef798785d5c13a9585f2a34ec490b

SHA512
8205656a2ec23be1144f2ae370d545d51a1e1ca856f73a33996d7a122ead56ef1c89c89ac615a6da98c6c68b142c360a41dd0342445a5b50be3ad2738f5813c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
36a086e38bfda351af9263e28dfc22b1

SHA1
568949f7436fcb47e475f1be40c8ceda58d23135

SHA256
f6fc2a63bea082e6fe86effb00a27afe1ecfcba64f777bfe04affc8cdca05f26

SHA512
4cc928862e28e665aeaca76e01f3d3d5b7410c56c344c77e5587ea2bf1ec8acbb86aebd191eceb43c70ee706fd71f62498845a3e0fa8dd541ab79ccc29edea10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b24d7f199d19053d2efbe5eb1ce1f710

SHA1
f152af63240d7465ad9c916e071ce9e07e27798e

SHA256
63581d28cc3afd494ba31b2cec5b19b304723787bef30c52b471f489296b7dff

SHA512
faa763403b99aaec12b3ca8fc77ab63bf6d5cd123ef1e7de13f7c950aaa2f7856de7e4c6c6a203bd962a5a8eb12f188752943c8a599798e77f6f2f1be8d1d7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f2bb77f655a017ff99cb83239d597d6d

SHA1
93ba23967925e0872c6f1af39a525aace40131a6

SHA256
c896c520129e102578335248fcea20f1b97aa05ffc1db585fa13a5ac4883cbb5

SHA512
c05887da2633c0855756a765ff409f504b3efd4d575ad2acf147d563f051c4062526d697144aaee3b919e902fd12bae74304dcab9a867ef3669bcf482f47c1a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
835afe5041cd851d97f2cea4690cb59c

SHA1
b00a5dc11a1a02130b73e480902c4a01e3e63a38

SHA256
ca98e036b755066033c56f42b09196a4f0a3cfb520e48f74b286c8f3837b5e29

SHA512
db73238c483825f57979abe05479d3ecf81c0d0d8df8f1eeda90efeb554a906c300455dd74399179ec4b2af61e67d221f5fe250711dad4be0158675f1ddaa0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf1eabfde3c15dddc15cf7757ab84952

SHA1
5cecb7b749d38025343afc25a37a7c2a693bde37

SHA256
8505b85024f94ec627d0b888281bc8d180774ef851f8abfb94cd5065fb51272b

SHA512
9fc009d55556b688efeba70f19cc78632e4ff138dc1acd919a44547943410ec8d7116cb41ca542e6df43ba8f3a585806b230656ca378851ba9c66ea511cc9fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a37aeb7f83b6540f63460eb74da063d

SHA1
c2632332b8c25765ffb82a7644561b9a0a1a38c8

SHA256
357f7851faf3d918883828a69ee140103c86569e7aa365b661e466aad95cb313

SHA512
01435ebde0c9bf20a9593419df4201825364f711b192a78b145b1af40815baeeffb09e3f5022b8064e58bb8c79209f699398c830a11050878d50d5acf24f25a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b78d7f0b0e20c2a601c46ae9b68eabd1

SHA1
8bff390e8649b5020d57f88956f1f89a187338f9

SHA256
af2a5d8b1fcc43cb70ecc67adc942a114cbdcdf8b8dfd5be75dcd23c83671783

SHA512
3cec8bc3e634c1d8a39604c8d81e52bdc52f68daa6fd3f644b41a49567d487e935c5029223750cd2c313b3f231c9cf561456da981246ed9c2d1ab51ed410b5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
998d57bffc35654d74db6e9692ec9863

SHA1
fd9e5ea71359bd90761608e38f25525ae98d93ca

SHA256
7b51aa0b9cd210da992bfa73e464422164d42e6d08a30e5e520a2f88933f625e

SHA512
e1ca23416329f18b16ca018aeb528724ab4d62bfca500305a9632cfd6ffbddbb88248965514a3317ddace56621094d87b71f6d111da0bea9e2435c28a2a96e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fcf399c69bfd7294cce5095ca67e42bd

SHA1
7fdc1d4edede3c5952e920e382909812bc7c7c7b

SHA256
9c71c3e124c010949cec9c3bfc3b8f0926f208b71ece366ae97afdfca0e0cfd9

SHA512
8403b9baa2ba21308abce96e4667385cd2ead79eed5068cd50fd8fa8da78257ad44a5c54f5714ee14e91bbd372e4abd353c8fe1e92e72b2d14d513139af2d7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
48099d0d9170f33274e884c5f508f1de

SHA1
b6e0948550ae550a6fde23862d298d5345c33370

SHA256
56775430c0e6cfd785cead6a6c134424693f7d7894437e58307a2146193dc9fc

SHA512
e516e9e4d1054ba6bf3d44ab24001eaf9d951aa64ba23b226ea125d2f89f3fc602c608ab5468a4bed0c2472f7be24d711e7874f43d8028f30c8ac79a8f6fd8a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
958496712febd12f8dadcf618003345f

SHA1
23d34e5c6035717837ffd744d6bf4a8611f310db

SHA256
8ca2af0b83e41102eada572c3711faee96983d79c7482c68e723eaef401e5c42

SHA512
b65588b9b925796b630f4f0e89b052c2fa8a8f9365cb5e4108abb76e6a2954eb2242be6f555bc1e18a04f780f18cd9666c5ec60ccc5801f84202b125d0c0a591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cd32e5e7441ff817a2c5c4c707a94e9

SHA1
2ec111b0bd9767d5bdb9faadb81d50ca7a84d90f

SHA256
f948ba6e46a4f2b8c696a94c6f9fc9059b5a7bb186e1f86fa0fac7072ef8b3e6

SHA512
a03f28968fb6e94a55e9a651c043c4cb8701195cdf7eb85d952e27187d5ec62e2e8cc88ef22c389ec138be07d7fbb73354394f041c8b6588bd9e96f0a1c461ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f53498a9939c9e89c6d63180919ec204

SHA1
9f751605378e4b8a0a99b2c9187576c50139632f

SHA256
a55841570de9bce2fdff44299409baa03f456f64d3dc1b2e8e8cfd82cfc0533f

SHA512
f32518a2f203fabce7fb3bb9dca73ff84f5a24b6e46794863d65cc3215595dd2583f6b41c3ef42eb0cb4004020cbad46fac93dbebec21b42d54efa2c5b184f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f40835246d1cec9212a19347cbe98d45

SHA1
1a99ecafd3a63b1eabe1a9194770a83db53a7bc4

SHA256
4b091278eeb36bdb3762bad33cc5d45e2e262fcb88f9ef8008e22b7a226deac4

SHA512
123ec534a890f8d583c538f3ed61f41ec7eb9f046b17a117ae91b90db0734e6af26317e264fa0be2a5316f2dcaf4509e2f50a7f49c551158f758f7971e6fa77e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
14abbc25ad0b81db923921a6146cab68

SHA1
b26e10d317a72a80c83262dc05cf1920eb252b9e

SHA256
3afbfde7f53283e473db90b4e6052d6c048f2248134aee73fc20e3c64d0961c2

SHA512
4e717588d7cd359dbc893bc08f7b6bbe2f43d9c9e4c6c3b4fb15fa4879aa0838887f0b0c41d590d16c955917005134497b5137ac553c8f42153774953fba7ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5df0aa87484ec20d11903f6d6ab3989d

SHA1
9d379449e1acb35fa12ca0acac80e9e5f69a1188

SHA256
87e19109eeb71962d60e51618d4f73568aaedd215360a2f72426998bb819ff45

SHA512
4ca10e9f33412fc606c252e0674b96a64b070f21c38e63aa2ee02664a588f3bccb1ed36ca7898464731b922fafedeeeb4b7e8f7f8d3d4fd9e6b5e29cea6217bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31619bca4e91d0a46962de624c6405b2

SHA1
31eaa7243114066f86d46ba3d46fbac80786b77d

SHA256
a2581216144d6c30c53d4f8d9d7093f8dc5115c355f19b6a1b0615e7a5edd416

SHA512
891691e4f740cc18fb387eb467f4f65e72416015cc1be6a5235f5d3d3b61d1b9e7b94e3029f8ce01c98e8a5cffab253d1707f351730342d3fed595b1cbb06182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27b84f96d7de0b71d924300523c18ba2

SHA1
d6eb8a198415602df9cc6446b5aa8ae40bed27e2

SHA256
dd6f1540df55860e9723e1919de0726699b6d38e816e65e825538a3976bce826

SHA512
7891856ff658a120e0e53f5560561a0f36f168f2198b527e9234002467f0efbd2112c7168d1e94cb5201d8ff116de458224cb3d40f88eb4c30f28748219b9523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c1296e5e14915ac699aae0124d71590

SHA1
e98ad5001927c714ae6c5c8274bd730b5c309406

SHA256
1129822dcf781e3d83d53d17f87c24526cc8f172b77ae3047a460a693974324d

SHA512
4cbbe57886e904e2356bc1df223bb09ebc8866ffaa7ea554fb9753b6f870e3e24a5896b264a769a6fad09a190e11caa9aa3cd805857909998e812855c695c66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19323698d1568aff3de229f487f8130b

SHA1
61de0cfb49f98ffa2af96850e8c2cdfd173af7a5

SHA256
4a00c46deeb403eae54356b4af63c1051d30854cd7d1fb599314f1768921eb33

SHA512
a8c0e89eb12c37bd4ce5308a861a08c8257908017e7b3116f8407c5a26583eda99a8970f69167b8790955aa87df245206c9a79327283a7126ea1f09c0f2af743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8fefda346fbf41c51af4d3b50834083

SHA1
a875da409029184044b500f6c5682c05716cef57

SHA256
8fb6c59b1102864a4a0af123fbdb2816950923ad96e3c8da117beba2a703d83d

SHA512
24aa5a74e7ee2d4ddff1c4b6cd3a5a93a73eb8ead9df923d5b0be80f27f9896e517d2ef17dcb80fc6e654bac5fe5d5cb4c8d2dddb5029098ac3e61d7fea9483c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e403d0182257ad10dbe48b1f516d2246

SHA1
4e508d3a03e8582a2f4464f4aba84e9151fc5e3e

SHA256
67d5f2524670db59c55a3a3c8ae936235653915083b006b48fa83c3f4b1ecf63

SHA512
5b5022034e527213c741493d352827d03a126e816cd0bc6b324add6f0b5de2cef94d5e1e71cce9dd504eda34ce9091aac1e415197641966ccc1bc6d2609a9819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
266512e1edd6e9d08f7589417ca4c8c3

SHA1
3e55722c8d5843902fce64649b15c26263de8f00

SHA256
007709e73a4dfd341280598bd555338f2282b959ad2108cfdd441db3d2e56172

SHA512
3d59e0107bcb0951a02eaaa4b32c573d8288da830f593dbcde0aba7458806cb3b43da258ca40148aeb41b386a87d641666d0585010b76f6887e024794857ccce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc54346aa05ed0909d52c2d302f653fa

SHA1
b7a3f6ae2a2d6560cc1fdb0026b9cde37a6989a2

SHA256
35d1e8ec22c41a20ff2038183cfc88b932dad821f2fa1fef8b24fb5f97f34695

SHA512
fe7497daa408bd7e723c0777e6d5e92da1d19fbfd204b481ac451bf30d4df15c477f1679cc8447f14deab7ee6fcde3a602a44fb3e468db6b87276ece286432e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c362d87793389f080f7cbd17d8ad79e8

SHA1
d34579958015b6b82471f36d32e67601c3881e15

SHA256
87812f059773d60b4c319b39e084893de65178d8bef86b5bbc3ca2a81cc6f9e1

SHA512
381b988c16b723434eebf6c03cc01be1e52c1388e46b609ddfdd5ec21cd3c4766dcd29f24c8950cc15bd45a09bd2e2a4abde96da48ef28522cabf1a9a0bf168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ef973227e263e3fea073d1ed7e63fcf

SHA1
75fe03e8ccaa324b008a2b0ff343f09194344292

SHA256
fd3fb64cae68d576ba6dc168a53f39de96e6a37ea56445a57e22fd117ab9707f

SHA512
df5d38d117f7bdd1aa46f768ab59563dfa87eb8bd67806630fef5f8f053266cefc1f236f7540887967504708f6b3bb29a56cec6d15e6c96cfbba904b6ca00bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587b46.TMP

Filesize
538B

MD5
9d7fba541ac3a6109eab86b2f8c9895e

SHA1
ca641060a69341d7aaeb34749e699538626e6299

SHA256
3f923acd4eab7d850680aa7341474fc2f7a09f72c28b06c24f74152a283e49b3

SHA512
25d8be4a32dbfb606a3bfb2d23ae801734c9a16416064ee1b726bc5550a623402d5102c31c816ed41ba2ad07fa239ea9c6004cc5641b290c7374617584184499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a08c76f04b8e4214e0be492d0aca25e

SHA1
2b3b323a38296a586c5435c4b64568e163e9ee9f

SHA256
a04991a15be3a3b070de3745210ad04ca09ed3855df239edf81f5980e8dbcb3e

SHA512
1d1a7be5ae7adff5c7aef5989f26553fe4f5ff404d83b5bd09ca3d39f619bf320c74e08d03afe8abc7c18e154b2d7704dbda23a8e796cf8169ab2fcd20ac1e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fcacc8f7ae6e20fafacf6e1351e9e39f

SHA1
2e929b9cd206a5913d8ed8421b1565f637cfe802

SHA256
aa286cf0f6eb09029ecb4ced0d0e793e3d92704439ed5100f50893d6a5d514f2

SHA512
fd2cc5f838fdda2476e9d620e7163ed9b8017d7736e6cf4edfbd397f805f44a39edbe78b8dbae487997e814c11a20bf69e0c06e3287a9307bc9b23964e102b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
51c0f7f31fc119502c2abe441751ba7c

SHA1
ee61458a5dbbb06e3870b86022b282b117487414

SHA256
bf4e63a20b5b1946ca1adbd626ad4c6f25ae97295eeeccbf5516218ffd1acde0

SHA512
e5cb3dd96d2ea1011529197ca83972ce6c42c00c6c7fccd666d4210af8941ac69a452bf1d24ef4a666027e0c2fbc977989a318adbced608ff201c52f69d49815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5fe847a2e16adbb88beaab8cd84edfdd

SHA1
519c1308d4926fd41a93f4d7c8ac263865508d47

SHA256
b6cfd027c237759a26cfbafef3f999e4a06606329d0c3005962d7b77388f0d7c

SHA512
30707f5894bd673cb91d554039dcde6bfcb2be1583dafd18b3cbce8c8ac798b03713e6cf6cef501dde14b2da7e2e4eae2da7a3ad3067cbde1b1e7380ee185d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
351040aec2c6d6adbc4d258f7daa7ff6

SHA1
ef84ce1c401a93ad43166b538423fec4c452a284

SHA256
6f38bfc6fd08909c86d0305e41a800b2c4d54411181e3838ad9180e267fabb0b

SHA512
713089587ec2115f1203bd78fb97be7e2c430368a84cfa315d50635de9339943d3b16d6c1d459dd8b2fb61f9d82f2d9b05419e1c822bc31f5c2c0aaf8a9acdbf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9b0f2b45855d8effb796f9ed0de7a78e

SHA1
c67c1d6c4532ce51a97a07516e60d91c88ba1e71

SHA256
e71c960d8a5e722c1723fab7b9580bc6522e68b2c2e83b0bdd8b3259a3afeaf6

SHA512
57079494a324da623d2ad84370058eccf7dcb57f3eb272a3fd648cdc7d020227089bf180ec6276124290d33fca5447c6f0747d5414068ab763343ef627abc56a

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-certs.tmp

Filesize
18KB

MD5
96bdbe38545a68c8b83e275217bc07b9

SHA1
73f7eb8dd9dc94cbbf877aeeb980af0b079734c3

SHA256
a640402420f1ac110fbfb47c67f4e9a45a32adc0b0363d56242708575eb1465f

SHA512
862645b548b4e73b033cfde15282e017a549f06e8d1d0209a5685d7d10da8e6bc91cafbdd9f1d40f3b06e3da7996d016d64add678a1da8d151011e7bbc65ae23

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
5.9MB

MD5
86937cb726f7d13cc7b81425101d7629

SHA1
de531614d0c0a21c56c0804f72650e1e5cacbaa0

SHA256
2f31bcaddbde63e4498fb6afa5069dd1b4cdffd610ad94ba0ed8236f588e8be8

SHA512
e87aa487d99ff0f9cf25aab733db76f9563a2859f6069a3c2d0bd87ae9bdbbc6f6ca050e45479094f127ddfb61831528bb05d0c3442d1e250f095302b15ae2bb

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\Ransomware.Cryptowall.zip

Filesize
100KB

MD5
8710ea46c2db18965a3f13c5fb7c5be8

SHA1
24978c79b5b4b3796adceffe06a3a39b33dda41d

SHA256
60d574055ae164cc32df9e5c9402deefa9d07e5034328d7b41457d35b7312a0e

SHA512
c71de7a60e7edeedbdd7843a868b6f5a95f2718f0f35d274cf85951ee565ef3ba1e087881f12aeede686ce6d016f3fd533b7ef21d878a03d2455acc161abf583

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 308175.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\c.wnry

Filesize
780B

MD5
8124a611153cd3aceb85a7ac58eaa25d

SHA1
c1d5cd8774261d810dca9b6a8e478d01cd4995d6

SHA256
0ceb451c1dbefaa8231eeb462e8ce639863eb5b8ae4fa63a353eb6e86173119e

SHA512
b9c8dfb5d58c95628528cc729d2394367c5e205328645ca6ef78a3552d9ad9f824ae20611a43a6e01daaffeffdc9094f80d772620c731e4192eb0835b8ed0f17

Download Submit
C:\Users\Admin\Downloads\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Downloads\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Downloads\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Downloads\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Downloads\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Downloads\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Downloads\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Downloads\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
memory/2704-1767-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/4124-3494-0x0000000074300000-0x000000007451C000-memory.dmp

Filesize
2.1MB

Download
memory/4124-3360-0x0000000074300000-0x000000007451C000-memory.dmp

Filesize
2.1MB

Download
memory/4124-3480-0x0000000074300000-0x000000007451C000-memory.dmp

Filesize
2.1MB

Download
memory/4124-3382-0x0000000074520000-0x0000000074542000-memory.dmp

Filesize
136KB

Download
memory/4124-3488-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3380-0x00000000745E0000-0x0000000074657000-memory.dmp

Filesize
476KB

Download
memory/4124-3378-0x0000000074680000-0x0000000074702000-memory.dmp

Filesize
520KB

Download
memory/4124-3527-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3363-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3362-0x0000000074520000-0x0000000074542000-memory.dmp

Filesize
136KB

Download
memory/4124-3361-0x0000000074550000-0x00000000745D2000-memory.dmp

Filesize
520KB

Download
memory/4124-3474-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3359-0x0000000074680000-0x0000000074702000-memory.dmp

Filesize
520KB

Download
memory/4124-3465-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3428-0x0000000074300000-0x000000007451C000-memory.dmp

Filesize
2.1MB

Download
memory/4124-3422-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3409-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3381-0x0000000074550000-0x00000000745D2000-memory.dmp

Filesize
520KB

Download
memory/4124-3388-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3383-0x0000000074300000-0x000000007451C000-memory.dmp

Filesize
2.1MB

Download
memory/4124-3377-0x00000000006F0000-0x00000000009EE000-memory.dmp

Filesize
3.0MB

Download
memory/4124-3379-0x0000000074660000-0x000000007467C000-memory.dmp

Filesize
112KB

Download