wannacry | hxxp://Getwave[.]gg

Resubmissions

02-08-2024 12:10

240802-pcbcpawgkl 4

02-08-2024 11:22

240802-ngs8ma1ana 10

Analysis

max time kernel
344s
max time network
349s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 11:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Getwave.gg

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDEB2.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDE9C.tmp	WannaCry.EXE

Executes dropped EXE 12 IoCs

pid	Process
5476	WannaCry.EXE
2320	taskdl.exe
5672	@[email protected]
3520	@[email protected]
4884	taskhsvc.exe
5564	@[email protected]
5240	taskdl.exe
4916	taskse.exe
5996	@[email protected]
5308	taskdl.exe
5788	taskse.exe
5936	@[email protected]

Loads dropped DLL 9 IoCs

pid	Process
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5836	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\vjmsszrdgw014 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
232	camo.githubusercontent.com
234	raw.githubusercontent.com
235	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\.md	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\딛⨀谀耋\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3774859476-2260090144-3466365324-1000\{894F28E6-15DA-4C49-BB4E-989BF41B62DA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\딛⨀谀耋	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell\open	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\md_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3774859476-2260090144-3466365324-1000_Classes\Local Settings	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
4888	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 527575.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe
3204	msedge.exe
3204	msedge.exe
1252	identity_helper.exe
1252	identity_helper.exe
3640	msedge.exe
3640	msedge.exe
2860	msedge.exe
2860	msedge.exe
2120	msedge.exe
2120	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
5408	msedge.exe
5408	msedge.exe
1452	msedge.exe
1452	msedge.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe
4884	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4152	OpenWith.exe
2120	OpenWith.exe
5864	OpenWith.exe
5564	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	6108	firefox.exe
Token: SeDebugPrivilege	6108	firefox.exe
Token: SeIncreaseQuotaPrivilege	2300	WMIC.exe
Token: SeSecurityPrivilege	2300	WMIC.exe
Token: SeTakeOwnershipPrivilege	2300	WMIC.exe
Token: SeLoadDriverPrivilege	2300	WMIC.exe
Token: SeSystemProfilePrivilege	2300	WMIC.exe
Token: SeSystemtimePrivilege	2300	WMIC.exe
Token: SeProfSingleProcessPrivilege	2300	WMIC.exe
Token: SeIncBasePriorityPrivilege	2300	WMIC.exe
Token: SeCreatePagefilePrivilege	2300	WMIC.exe
Token: SeBackupPrivilege	2300	WMIC.exe
Token: SeRestorePrivilege	2300	WMIC.exe
Token: SeShutdownPrivilege	2300	WMIC.exe
Token: SeDebugPrivilege	2300	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2300	WMIC.exe
Token: SeRemoteShutdownPrivilege	2300	WMIC.exe
Token: SeUndockPrivilege	2300	WMIC.exe
Token: SeManageVolumePrivilege	2300	WMIC.exe
Token: 33	2300	WMIC.exe
Token: 34	2300	WMIC.exe
Token: 35	2300	WMIC.exe
Token: 36	2300	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2300	WMIC.exe
Token: SeSecurityPrivilege	2300	WMIC.exe
Token: SeTakeOwnershipPrivilege	2300	WMIC.exe
Token: SeLoadDriverPrivilege	2300	WMIC.exe
Token: SeSystemProfilePrivilege	2300	WMIC.exe
Token: SeSystemtimePrivilege	2300	WMIC.exe
Token: SeProfSingleProcessPrivilege	2300	WMIC.exe
Token: SeIncBasePriorityPrivilege	2300	WMIC.exe
Token: SeCreatePagefilePrivilege	2300	WMIC.exe
Token: SeBackupPrivilege	2300	WMIC.exe
Token: SeRestorePrivilege	2300	WMIC.exe
Token: SeShutdownPrivilege	2300	WMIC.exe
Token: SeDebugPrivilege	2300	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2300	WMIC.exe
Token: SeRemoteShutdownPrivilege	2300	WMIC.exe
Token: SeUndockPrivilege	2300	WMIC.exe
Token: SeManageVolumePrivilege	2300	WMIC.exe
Token: 33	2300	WMIC.exe
Token: 34	2300	WMIC.exe
Token: 35	2300	WMIC.exe
Token: 36	2300	WMIC.exe
Token: SeBackupPrivilege	1556	vssvc.exe
Token: SeRestorePrivilege	1556	vssvc.exe
Token: SeAuditPrivilege	1556	vssvc.exe
Token: SeTcbPrivilege	4916	taskse.exe
Token: SeTcbPrivilege	4916	taskse.exe
Token: SeTcbPrivilege	5788	taskse.exe
Token: SeTcbPrivilege	5788	taskse.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
3204	msedge.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe
6108	firefox.exe

Suspicious use of SetWindowsHookEx 53 IoCs

pid	Process
4152	OpenWith.exe
4152	OpenWith.exe
4152	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
2120	OpenWith.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
5864	OpenWith.exe
6108	firefox.exe
5672	@[email protected]
3520	@[email protected]
5672	@[email protected]
3520	@[email protected]
5564	@[email protected]
5564	@[email protected]
5996	@[email protected]
5936	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 3652	3204	msedge.exe	84
PID 3204 wrote to memory of 3652	3204	msedge.exe	84
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1016	3204	msedge.exe	85
PID 3204 wrote to memory of 1080	3204	msedge.exe	86
PID 3204 wrote to memory of 1080	3204	msedge.exe	86
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87
PID 3204 wrote to memory of 2328	3204	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3472	attrib.exe
4576	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Getwave.gg
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7c2a46f8,0x7ffc7c2a4708,0x7ffc7c2a4718
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7108 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,15645176807866505535,9018676525786958206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- C:\Users\Admin\Downloads\WannaCry.EXE
  "C:\Users\Admin\Downloads\WannaCry.EXE"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:5476
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:3472
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:5836
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2320
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 97051722598026.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4852
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:4884
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:4576
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5672
  - - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
      TaskData\Tor\taskhsvc.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4884
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1512
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3520
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2300
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5240
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:4916
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5996
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vjmsszrdgw014" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3964
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "vjmsszrdgw014" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:4888
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5308
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5788
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4152

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2120
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
  2⤵
  PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:1236
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae2af5e0-c7c7-45de-b849-7d99f14941d0} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" gpu
      4⤵
      PID:2664
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2472 -parentBuildID 20240401114208 -prefsHandle 2456 -prefMapHandle 2452 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f3a71f-0332-47c2-8104-1f8e57041835} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" socket
      4⤵
      Checks processor information in registry
      PID:4584
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2744 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2920 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e021aa3-f588-4ba1-a524-b5c60d3c92b2} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
      4⤵
      PID:1892
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=896 -childID 2 -isForBrowser -prefsHandle 3844 -prefMapHandle 2860 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {015d3a3e-419c-45a7-9580-0742644c75ae} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
      4⤵
      PID:512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4204 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4424 -prefMapHandle 4412 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1fceb5-aacd-4198-9347-143610eaa566} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" utility
      4⤵
      Checks processor information in registry
      PID:5628
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62630f05-28cf-4435-9be9-f753c1de369c} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
      4⤵
      PID:5652
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1214172-c89d-4554-b020-778f42ad190d} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
      4⤵
      PID:5676
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5736 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70e7d8dd-eace-45da-aa1b-b795c4ede12f} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
      4⤵
      PID:5688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar"
1⤵
PID:5180
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar
  2⤵
  - Checks processor information in registry
  PID:5216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar"
1⤵
PID:5344
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\memz.by.iTzDrK_(1).rar
  2⤵
  - Checks processor information in registry
  PID:5360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5864
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_Memz-Download-v.1.0.zip\Memz-Download-v.1.0\README.md"
  2⤵
  PID:6120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_Memz-Download-v.1.0.zip\Memz-Download-v.1.0\README.md
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:6108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244694 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8abb0c8f-fc3e-41b9-a600-3601d5e61c55} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" gpu
      4⤵
      PID:4156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 23680 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85319617-3e87-4939-a074-936eadcad409} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" socket
      4⤵
      Checks processor information in registry
      PID:3872
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3348 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3300 -prefsLen 25063 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0942041-d2cd-4173-ab1b-25d67906285d} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
      4⤵
      PID:3732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3212 -childID 2 -isForBrowser -prefsHandle 3732 -prefMapHandle 2852 -prefsLen 29412 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9327480d-9ead-4483-b871-70e5b21a8d76} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
      4⤵
      PID:5920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4264 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4232 -prefMapHandle 4236 -prefsLen 29412 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaf53d05-5bc4-4836-ba08-caabc6d36201} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" utility
      4⤵
      Checks processor information in registry
      PID:5296
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5116 -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5028 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20fd353d-608b-4364-903f-a035fc78bb7a} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
      4⤵
      PID:1180
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5240 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd625609-3c02-4268-b7df-5fd68b25ab56} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
      4⤵
      PID:4204
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5464 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a116b99-f406-4c20-ba14-32cfab7c47de} 6108 "\\.\pipe\gecko-crash-server-pipe.6108" tab
      4⤵
      PID:1788

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x4f4
1⤵
PID:4788

C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5564

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
5d5b321f08b2f251d6bc191e24a0eea4

SHA1
63f5c6142968ba56d144d1482dbdcfcfe782e449

SHA256
f38f7f359c8b009da3e32ddd88ecdcb4a26f1c51acf1b5c5bac2d3ed0480ec88

SHA512
c9e4828098034b190b2e68e8419edbe99a0797055e7e2f6bb33a1fcc723b1bace909fce9c44af809c7ab9d336c078080226b853a3232af8a71ac29dc54f732e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f424846d13eef75a8065348e647b5c3a

SHA1
be8a5c387e75f166f933402aca3f6e6f2129e4cf

SHA256
40be99629f284d8f3b43c24811b93d372757306f37adbaa90e785ff2604f52cf

SHA512
ffb2097c52a3baf18361348787dcb92cd10da54a25d85600184b0182d50f08420d91ac031141871868602ca788cd0eac66e302e8ecce220b2f707f8741e3d178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c3a0da38ed31721bf66a6e7519f300a

SHA1
db05166b0c96c42e4f89402f1eecb0ce00c5ff7a

SHA256
e13bc70f7eee42221ce6f2ebe017538484dbc6ec1059450cae7c579dcb8e6199

SHA512
c38a4e591360ae323d9be207ce2af8375ce3797bd16c3da2b8ed96c480d64fd1fd3062b1cd178f7be2f01477b68fa3404c021903c51abaecc90881f96bec76f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07cfed92-210c-4174-949e-54fd88dca4e6.tmp

Filesize
1KB

MD5
068d080dbf0b6196b254b71866ddbfd9

SHA1
3fcba279df95045ac22b619b00a01468d242bb11

SHA256
6d373ecb0c59b8687d5c834a45c862779ba1cc1579bafc1dc1d83177c14188ee

SHA512
cab992ff21566bae25a17076a976544f7bd2692f25de24323c64c07b55e6019b9b44d591f2f9d9cd7a50f053ae0eaa69f7d5a3c30ed7c723979cd88f91d56d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
44bc25dc7602b93e14fdffee905863de

SHA1
30b05f80ca3c9923658ce154f6f5bbfc25d162c7

SHA256
3098bf4e631000287beb91ac141f09f074c627acb7fc001405f86f600441f700

SHA512
324dc4c58c3640cd05acdf453f5abfce2ecfeca9a0b1d20e871138f1c6b7308a0c2ac3bf22d4a8571dea9f1221a43e17bd66889a542612623057818d9fb5cdd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
5b6eb9202abfde97e3d691a835509902

SHA1
515f8ea6e88d5bde68808f1d14e3571bc04d94e7

SHA256
f9ab282aea02569f9e73aba576cd517a7fefba7d90b935fc571397e710b15dab

SHA512
309f32e918aefdb51c218d57ac37714d90653dbcc4317597c1e3df67a8375b5cd7aed9dec97eeae248b29c03bb46318216a3384971357bfb4dfbc294e7f5f9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.2MB

MD5
74c0a9aceda2547c4b5554c0425b17ba

SHA1
d5d2355e5919dcf704192787f4b2fbb63b649b0f

SHA256
3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d

SHA512
e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
25KB

MD5
b7acbc2406a7f663f4fbe535b112d734

SHA1
602ffdcae76ca3911638870f244d16ee4522a11c

SHA256
5d3df9af4acbf8773676af0ea887e966bb0f8dcccc6f4f9040d9b6884d3ba51f

SHA512
6b20ee9771a2b9234bcb4ced194b1fe58fae7ae75a3815b740b0b72a9b2a58be77b1ed20b919ea8a9675eb8f708a1b4df37ed8c013549bb85e44118f1362350e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
27KB

MD5
d55af88c49b9910a897f95047cd82313

SHA1
9d671c7b9309ef08a2f418b0638f6ebb45941fd4

SHA256
091c3cdba6c7b013bb176f8207befc643b73790519161bc6e7118e6e84d51c4d

SHA512
f39f46410e3d98db6169405b959803cee7a17fdebe05f3c423ddb0fed342f922bfb2ad8585ca748203007d773b4b0636a715e2cb368bfe73a9a5b26dddae95a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
21KB

MD5
017975d305729c957b42440bb7cec4be

SHA1
4ecd64ae942d7994b18210b09e72b9a12c6ad7e3

SHA256
6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668

SHA512
216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
37KB

MD5
b55ea81a7b6f5e1657c7535e62f30414

SHA1
bf805e3e1b6235f0c6841890d1840216db0cc9a7

SHA256
aa8cbe99245455317fbef1b94bf3395666473a709fc008f21bb0444727ac13ff

SHA512
1b1ce12a2120bf0e587d89d1474791c8385cad118f7c2b791f07792e1a790444faa8bfdab38316a0e7deb40c45cfe7a91ee6b8b62d0f326d3e76103e4b4e7c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
37KB

MD5
14c460a1feda08e672355847ea03d569

SHA1
f1e46ac6abd71ebbcdd798455483c560a1980091

SHA256
d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f

SHA512
cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
24KB

MD5
3f78316b5485dea877ff986c00eb6b0d

SHA1
0ce8623b7e34098655883d3674b4265bd73bbb64

SHA256
0ef4b35cafab7842d4aa4eab3e9fb270d8d89011125c08d49c5260c3cc246929

SHA512
1056a68735f58a8b6795f28407fd03e645d2fa09bf6fc73d47f6db09e4ea57704a70094a6b70daeaee4b2c747e648958a1b569bdb489636c7cdd2ce01b2eac12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
17KB

MD5
7d10a6106e8f9e85ae68e310ca2b8433

SHA1
32046f676521ae8b100c0ef88e5e19e1cc49cfe9

SHA256
0c00f8f0acc2ac3079edbb2fcef864743e5ad79da49241f6f28cca83984f7204

SHA512
78bac570118c28fad9bbe3ab261668743ceb81a0229c9bb2267db4228bd9eab1bac1bb07185347cd3fb80a6af62e15e587278a577f215020368399be897864b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
57KB

MD5
6477b004369b3c1e2c12c86ce18c5a7a

SHA1
a08ce1638c9f70f8a93a06cfddf54cd33c29edf6

SHA256
eaddd5d0315f4be8339b7049cf264b95173ab3250c2d26e5879d227aeaa0a4c8

SHA512
0bb4a948d8fe48215793ccecbf522cdda6506a08ffb2614b4cb5449be5fd79ac8a11c57d3c140a1ae97a1ade8a28722834c8dd29bc95629a0937ed08f1f1c64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
6cde00d4c70f65945125b46ffb494046

SHA1
d86ea8b9520beaa539c88febbaa73c14783106b0

SHA256
ff91dfca2f1749052b460ebc05256cc222dc8ef7408aa515661bffcf65b20f88

SHA512
9a423e5f783c1f08085577fccd454b9be7952636710c95b98b99795b4fd790c3bf1d8bb22fc39288521890d0038ba5e157f57bb7d9ea0e745544c2db5ef6b2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
137KB

MD5
e947e95a0fd8df1e8c8eb7cae1f96f09

SHA1
22f36705b4a47f05fae77201e936a5c65cb05bfa

SHA256
14fd0b00467eea3d8b863e4aceb343135fa64e8a3b4098d58765199a9d2062a1

SHA512
24b9a4b0b5ffd6ae11ea6cc76d88da96cd0579254dcd463e1bc5ddd99d9850773ae861594ad053d4d07882d4970267aa3789940a4eba63c0543588cd9b293dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
22KB

MD5
9ec8ba204f6c45d71c998a0ce1dd714e

SHA1
e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c

SHA256
a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a

SHA512
d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
17KB

MD5
c3977651aa3a378116d4c5544dc4b269

SHA1
84c0e02519472ce025cd3fda3105c58650d720de

SHA256
5592f7fd017a07ba950bb7a592073138d6a708608caf2f2bc92938cdaf04a6ca

SHA512
88c2985cfb6938524ffb0f72575f08debd1a84f48f73f194b0ed5d1e35c5b82f0cae755edc996830c08b55d6dd14d2f7053a38a2640a19d0e932a8a9067bffd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
83a71d1ca232ab940ff417e1d4074bfd

SHA1
14311c53d5c7aae9a272b85e810a9c77006da0eb

SHA256
67dcb504eb75b23be01c7284d649b5088f1137230b60a2ff6c337826b440ff02

SHA512
9f965f8539d99667458a088ef42477e6081d9424f294719f864a0edbed4da63a01d0f5e8892e3c469c372a86ffac9fa1d117bfe6e6e2f2aa5c77b582a81308cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09d79a179a16b061_0

Filesize
4.8MB

MD5
7be025d56047c32b42c9f3b29c5b0386

SHA1
b907f43cca589ddcae8bd0cd8b5dd1691150a440

SHA256
13e0334d2821e2e564e5a712d8415060d4a5a66e0bcc65d9f5c649dffd37483e

SHA512
e2bed4aab77227ebad5bd31fe1afbcbde5c3f6ccfa2f6df60f23833b511ee6f45677e7fdb17f4245256eea49143c7ca9949373f4495cf4e8a18e47c9438ccf10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
a8d6164b314ea2844cdebf072d6bc53b

SHA1
4b8a80bcd364615b550af2eaa0fdfdb172f7bdea

SHA256
1399c2294b1a182999a834e86d4e6ec8aa26778cdefbc39bc47583f3441eda9d

SHA512
f0fbd58ab03f8ac8a33881f57e599fe45f344c2fe58e68134f46b11204f3a60952280e7ec9aa9d79efe67ad9316e2befec86b2511efe7f4be6690174d7eb6b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
37fc32f3400a542020888415b501e212

SHA1
5e681466529cca95b300f0d4de1b613b197706ec

SHA256
e7da259a218643a586c8c2afdc47c8c5588dce741c054c7b7128d32010a35d10

SHA512
09a3370d3a782c08b9a672797e047837e994c985cbba2cc2c8b803f2170021f93dcc0148f2477b4d43cd563d6727bfa27b6675c01724be12712c852eb272b518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
1KB

MD5
de785247a601a406c21713b706d2bbb4

SHA1
f7cf33b4b3713adc05a002c87db93a96b3afd305

SHA256
5e6e54cec1b6587ee616f84f1869d250b96a94a844d363df4dceb48eb353b7c8

SHA512
9b9bf449a6e577f629af8ebbe649bf675210c10f68c5528356bdc5f283c3b3400b732bb504f43276401787ba6646323a00ded23b74ffb576eb8248572f78cdca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

Filesize
3KB

MD5
4726925bbce0a0db757e1f1dbdb92354

SHA1
fe218f68be8fc5e9b7b9df3411c72416c8cc7b19

SHA256
c1182917e7436bae4ea846e124edbc748ae9aabce20bd6a6f4340ae8e72c2bd1

SHA512
bcf382ad12254b415d11a4ec7aab59120be18aa33dcabfd0ea70bf27e83a8948f3efec0de312f3546439c9201d36b32ba0ce298ca5129d7a1d1b431b4bea8430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21f51c239dd10a40_0

Filesize
289KB

MD5
062b5da8c60686966891fb70c3cebeeb

SHA1
e8fcba605910dd3459f7e7f00e3a6623c7e2fd68

SHA256
f58f62480533e1ba3788c03ae938858fe4d28b20b8c76a4bb0ed985403235c2c

SHA512
420f7b7176eb4051264cd4c975a8a46d68b817fa5b85f4518f5d280bf6ee14eaa8589975d11243c92da2da2c2c8758e0ae660b1b2f368b73d7e9e4ef38f36779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
4102209634e02eaf9f5df46e5f6e26f1

SHA1
5fae3ad98abd4fb626e70a3d2dda417be0c94d28

SHA256
e283fbbb0e8bacc03aca96a395fc374d5a1640caed748b269fd96bfb6ed3f25f

SHA512
dac9e5fc86d92dcce71ad8f7948f52cf85f5db6c2fb0efe11e29903829c5ae5a8a8ba2ae565dec90f60468d0c5ee7b2c124fbbca2a5b3f27cf77b5d4127c29fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b0f1f57b276bf39_0

Filesize
6KB

MD5
5b4eb77795246c78e6a076ae5c1cd6cd

SHA1
2325e338e16d0986b42388e0f38ccf52dd76e0a1

SHA256
4a84b725681d97496c108e94ee0a0dbcd13b9d3d08291ab40299b2ef76fc3d5d

SHA512
37934d4059c7b62d90e9421af982b36a4d7356cd1ef353ed6d3996d2635427aba9026c0dedcca29023533862160ec7cfbda5013920b7928aa42091c77f037d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0

Filesize
29KB

MD5
ad46ee209677f7a23497e4d399ec6add

SHA1
558ce57f821313e4554a612a0b1b344883ea6ebb

SHA256
6760834c83adb0cc5d0fa65f8df4f746d85238ddae340db59865fc207d044abb

SHA512
9fa02c903e93d0703fc25c7a115774d4d44d34a843f60c0612229f358749c42a5947f582861ea83f6ac29073e208d71d2ce0ab6eac224c484ed40e762f1f9167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
2KB

MD5
727941c68060168a53b18db4fb970728

SHA1
4a5ab4ee15640ec8e6763a3a297230f171109151

SHA256
471b2d3443ce59e563b04cb5938f45188278f307490aa3d27b6286f4c9d8c091

SHA512
9b5384ba4716a39ccd71119004a2ec8a38fc1c4388aac81e782297e9d1b3561b4f5c29927013220b085e467b51fcfa4cd3b370e70827c063b29f47642c6ffc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
dc0290faa61d1cf70468a277ae721935

SHA1
1406cc021b414c922408671c55da581753a5e39c

SHA256
9bf2c7ababffe4881c8b4760e31b19a29eb3b28c7e9f41ddb6c0492866459430

SHA512
ab5ce5ccf827ea30bacc6f4357f3a1486e05032e736a7d10b35b4e7d8cca4165aa9fcf976ba694396d4347d00386c005dc619a14f340e5f7cb6da2368abdf5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
712ef4d64ab5f1155ebc72243b7d607d

SHA1
6d3a547df11af4bd6d3eed0db6f857b641801e8b

SHA256
ca85d1ff237a8871f59ceb0de5ad1d4b744b5e23905271b728715bff4619f422

SHA512
ff5ebbd624c5414333b129398f4833d5675abcd0a91aaee2ae0125bf6b68cf526a859868fb209318939cbea58f5afc2307f1aef8a349907ea1557dbb754c308a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
c47a712b3b61c8b987b7cfd705e6333b

SHA1
cf8692a115552864cabd10cfe89c396e8c28f4a2

SHA256
f60f9a52048d570363f7c4ecd1ae11a207f2d10f1a2b587903e3aef8f34092ab

SHA512
acb2fc298f3df7424d5069395e22166daeaa5378e720c8ea2420836c2fdcd097729595bb3f34865cde16014b89a3a6961695b3ecfb051a89f68bab66854267e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
396c84b798bd711577924e6d23c8894a

SHA1
3782920d37d2cf7966c6cd425b6d5e7d75a3497b

SHA256
a7637224846a852f1f8666e52d65a4676a73b1ffad54493304265fe350850cab

SHA512
3669862e830cf03f515b87f780023a7619c4cd3f4852126d2fbeaf904a53732f6dbaa80ff99d6167d344160a91e8d6b40393eac7b1827fb31a24fc0e42eff302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
639256ae20a428fa1f70cd3441b435d0

SHA1
b7029e2a81719f1dc28dcc7b780ae48650c729f8

SHA256
b1431c31c8b56817b58bdbb914c1c5cb7745129e5f04a62bd2790119372ad6f2

SHA512
e7ad9086089d857f7a07fa4b03909ce33c0d37b94dbc8f4c2f6a7f1b5660d50cfd9dfc79943777a5462d82ee8b99492c15f04104304fcd6ba1b011e9e82a01c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53e580371de8f7a7_0

Filesize
262B

MD5
11a0f770faad0be179372524bd852992

SHA1
8a4256d8c836d1a920978d4c44d05185d3a907e4

SHA256
a788b4db2db1bf30543c27b2518ed7fdb493f9b93f4b4973660b69383d8fc8cb

SHA512
cc5851dcdae4443180f62fb678fe210bbf16d139ae022e98186ae97fae535bbd0edb0934796cb08f68aa7415ee8864bf88a564225904f0e70d4263b21166abcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

Filesize
7KB

MD5
f437d04531a81efa376d04309f372e4f

SHA1
d5de833b7966e577970ab6da305ae9119039ea50

SHA256
d0514af64420b170c6af7893627e9015726cde21871c865554fb21b538c09b8b

SHA512
90e07e3d606f15f0a8fc35eb082555303ce3a5d74109478974f868af841e8515cfc05d8c487b02e7110ee0d862c430c97ffde97514f39f0e3d8deef1e2ffe114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

Filesize
5KB

MD5
8f9b3bef190661a4cdca422c9740962d

SHA1
11885a9375d9cb83736b1eb9576344acf8c5d902

SHA256
2e24cc9be74139e72990316ed325b2aceea7bacdb2743038b626bc6fa99f1d33

SHA512
5b7a3c20fced612becb96e45e740585f5e78f30bf280ec1e96a01389f0d864e467f5054d5d5a1191fb0df508f12a1edc9593935f905dd97c6138b6d53879bdbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
4KB

MD5
6f7bab668d133b768bb3d55d15a48248

SHA1
8c650c2a192f9224435a06127d0bfad17873130d

SHA256
7f994b233c62f2b0a2f52ab55f16b0b7bf4b2783af5411006e9304b72723adcc

SHA512
61005933d0e78da11c1983a06c80fd1745ca9bf351855183bcfe3e6af8867cd80e2061ab71848a1cf49ab9dcad62f7bbe938031a138c7275e1d3a31ddfccb7fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

Filesize
3KB

MD5
3a3693f1c7bf0824cefb24349b4306ac

SHA1
4e582e711d3ec7787bba827874448ee4f74f2b92

SHA256
5345e1961fa2d967bf6183d311d9860c71a9532c8a671625ce2dccde471c949e

SHA512
685337a47beced3d54368eb93a7e3b7da2f19ee7602016cb6ecf27d8ac53e0e1a8733d4c302ca9eac272c487a65cc0d1ad1bb7e69a14262fa98ac8a6d258eb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
8a4bc644961545d3e163b68a3d08a8ed

SHA1
85ff1a0f64d358b2bbfc095c21524537f3871e68

SHA256
9bc62e4f736f9d394c865e1a8b0ce05b64b45410c6514ee6ef93758a752257ab

SHA512
b458d6d5b5c8a9a7fc221da1f70fa85560ac2e52e6031b4ef123508fc7d85e0826a606738c2c5bf0c11e18b40d266c6afe421774a414d03a8597f1076eed48ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
8d6d87a4adb93f44cc393517c4565a05

SHA1
04bfcafc5a4e47f0e64812e82e9043168506ad3b

SHA256
ef6e8a012d70392501017a9fdb71c91f60f4bf5add64b9b19df565bfd8f6edb0

SHA512
1af55d70ef922808c6022821fd1a0b38dc5e7671f9f15a9d87de971c016c304d23711f90fcd832f213daeb649ebf4f837a4ced79298e71f2c07f233b00d91dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

Filesize
6KB

MD5
39e9fa8c8ee6ada8c9e16bb734dbfd6f

SHA1
aff90daebae562859a9ef215dfacec05ca1a2634

SHA256
efd442da6644f3984af5f6fd59d80c2752c22f77f2e673086033759c0e00c7d9

SHA512
3c309449b9ff187b5633c420c87d6333ccbcba2b091b02567837b89e8e7cdee3e8ec6450404b69390ad1d543f4c2e02e0d4694448c493825cf3f775afd5209ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
6KB

MD5
881bce03e9858cb907b670a3189ce5b7

SHA1
d9a15e6141b6cf71cf8bdc8c78ef91f42b249324

SHA256
dedbe3c7c6afb976796aa906d7ff37595250d52af121b95d455503f0a6275335

SHA512
898ba2dd227cec5a2fd87ceb47a22d6e26ffc1e6881d340dc81a7ec8f9529d751381e3395ecd1b6781b5a1030328282180bd7c4065f0bad2214cbfb828cd4451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
2d72e7b1e95cced2c31843c4a7645561

SHA1
de4c2a47916a731048db3df0f18ce9dc8e473f3a

SHA256
580576f1415a1980eab5a09195816aaf6a2f49928fb02cd3dc8c7459dcddd7dd

SHA512
7af4b9c96fe2fad676a88fb875f94f060a7acfa2f0d603824c3fda67ed6ed5e79ba202581d0b50d78744cddbe29986577815a6a2b5a494133a48d4065950d44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

Filesize
1KB

MD5
3e70d0897b0e5e64b4a6ca80866c2363

SHA1
e7b264c7c0c2d37399b19b1342f0bff926dd68e7

SHA256
ca69effab9ed0022ab40cb335c55360c01ef15be3de1d9d86a72a5fc0716d14d

SHA512
025b3fb8fe82402489b6f4846f54c193295f143c358817ef64de4c79798e75124373183b391ae1825d6c04ed1588bde6a3a6053e60de850dc9f716862aa02e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
d4f0ca356f0e80b148284b240cb1c394

SHA1
47f720ed28fbef85f0116bd1eee29c8de7b10dac

SHA256
a8779435ef65bef020890e2d4ddb7a604e3d299a9bad26f658fa7cf49800b7fa

SHA512
ddd6307d86092a8a11137c9dd2803d4a85f89e0c1bc67f9a20950aa965861c35ff2236547598d18a577dbe10bc35e9e5f087f879fe50c5e7f803de8e9e04f8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
9KB

MD5
9facfd2614249a91ec984e4e396562c5

SHA1
3373c4f46e3e0960eddf4d5502cc9331a54a3883

SHA256
dfe815d4a8bd6d065e923f37735cd0f31034209b9ae9eb693e50d3004feb25f1

SHA512
7b12230d90c5502361ea4161d14aadefdd6e97cbedf8a9b8ffeba43a98af45064605d24db3ec176799926fa40a066ea15873575c75be7835989f0a9d120e6310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a614899219c1f2bb_0

Filesize
26KB

MD5
259df2dfa17d19b415115b4935cf19c6

SHA1
0c515c4b8c0f4bf4595e802f59c7f810708c7e6c

SHA256
d9bce2ca2f36a09c9634a59f05c56b9a5294a31795c65768377c659def8c9c35

SHA512
71b858f6d63f992fb60b80c8ffeb860371c2b4ce640e00f7df33e7dfb511026d3ea5a1e9f9202116ecff28bfece7bded38dbeed1543da9e2b6dbb759ca12f560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

Filesize
2KB

MD5
94d155fe7d20cf5f4b0ca242d3904e00

SHA1
f59e9fdb017a26f713b47144bf5df2c19935c59b

SHA256
4b4642de202cb6f8881522d71a2e59b750682d25f1960bc54237c33cef871083

SHA512
0ef8e23cbd19ea892512b43b7d9d1da4f7e1144e54dfafcd05e480f0fdbedcb5b7770e08cc0934440d099083fbc94788ea5d5ec5ad1b3652a73163ca6d85dca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a78f01bc3669fda3_0

Filesize
174KB

MD5
b39825acdb79f88be0d3e4e7eca76630

SHA1
8a9eed3c8d6b3d9c3fc5c982b3ed4c576e7969b3

SHA256
204a1a65e604577d477cc52996cd399af02a769fd9de5fc4339c6dc8b6e9139a

SHA512
502a889f0f2681489ec1d56454df2dcc3132220dcf42f192a3b8c8b6f2aa8ca5f2bc5bffb48d5e53acaee6c0db03ce0a14413a4d17903009ace04cab0ab36902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

Filesize
2KB

MD5
d8acadf1e44266df1857bd88b2867f9b

SHA1
0deb3cc1c85e7f052f051f4752a571d2e811230c

SHA256
32ab9a550b9fe02f3e4a45450c3336f0ab4b3d88024a0b29f9347105fee02b2e

SHA512
7cc83dd43b12d7d8d83535fee7fc7ce42eb71c070506d2570c9d043fae672f6bd98e7896e441ceaaefbe73416911b92c86320759281b9989ddbdad641ed777bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
a65ac37e53b225dd153ba558ac2896c2

SHA1
8686d8954335bac125484ff7ecd2dce7a9d8dcc4

SHA256
48641da3877a43b0a93aededa386e64ffdae9554076755326244bd9d458adc0e

SHA512
d47f5526a7d27e838840f27bf0529da4ee1a5618eaafd644b45b89fd6bca16e58f34017f85ae65f81955eec4688270fa9ee90a4f7a381555e7a16c0911d36a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
4a8bb5b55bcfbeb856e53d416d8e429f

SHA1
f75abd2a62c4c343595b15b67123ab82c02821a5

SHA256
4915290475ba7d41871fb0a3a4e8eb0c73cb9a674c5a7bf814ed58675368bf06

SHA512
67bd30fe244e817e330fd5de7546bc763b206239ead05b7f590eb2b261a9c50dff2b0e858c0e7ff60895af743abe9eba2cdecec6f2401d6a480982d9d623ef85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
689e955c07c6b484dcf85cc13efe9451

SHA1
2e53c2bd49ce2276149a77a6d2f22195c51db465

SHA256
061a694ebdf62c5ad5eab7083169fb3146f11ab5801ffee218d082d8f3565dce

SHA512
c76f57ffddb9dbc4d2a10ea2179aa4ed2a8ca20ead2d1a23c8649fedd9979eeabba69f80594509037b9dcbf192c01d5f98e8b4888a2f6b5f07a5706868c531dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2a2ea4987d45e0f_0

Filesize
3KB

MD5
c9db2b0c39af28684bdc5cab4dc3a5ea

SHA1
60679d1dca77dde9e092566f887a4b48f70fe508

SHA256
7a2660429117b2070130112781a8ca2b112b1c1748e6027efc8a581b3a12e5db

SHA512
b1fa2ca388d26187415b6a169077c7e12d8512a2bad74563728fcf1ae940fe76262e7f744e14667aaef92b73c782e50e8a08673d346747c554280f903c0dbd4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b55d03180926b54a_0

Filesize
286B

MD5
e32b3ec87294cdb4d91ab71a768c77bd

SHA1
7d9f22c767b0dd7b2f3cb6fc4494186b180bdeca

SHA256
e1aefa0d81773fa44db97802156586a340e70093a7d01f38ed75859155dcecf4

SHA512
7efceffaa8f653dd3c54c2394526fb388bbc19930374accbc7a512426d3eaae2aa02b9c43c4c59c19b93127a928504a9cac65594232bc538f13f95b852d1943f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

Filesize
1KB

MD5
8c1290b90785fc97e3f1f8dd80a2b7d6

SHA1
0e23828e3cfba25655f9c9dc5432315318632e4d

SHA256
98f7a55c122f168d6813be4f0d87cc1ee8fda5b2c46ac6a1996b4af911e76928

SHA512
ef9113459721e55a7faffb44b08044939d6ecac7f8422c11c1307a53756313cadf0c746cbc6db9f913d6b684b690248dbe677cfa04ad8872f3068eaa8c45e090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5d633e0040ccaff_0

Filesize
22KB

MD5
392afe5bb96b2e35f24383e8727ef9f3

SHA1
4a6c3edea7186fe7118ad9728acd0dab03d08c1b

SHA256
0d3ae6762e58ae6b1165a524ffce8b22888eec7469340e4f7e9dd90c6b9c69fc

SHA512
5c2ada9a0a0e1374484bd0d397336c9cf58e54198034dedbec4def23a93b4871b3253628c4dd59fe221865abc8f47c07672081b070d1cebe463edd0c52ad92f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cbd83c2e90693c9c_0

Filesize
2KB

MD5
6bccc20ee680723681ec31a9283acd43

SHA1
c68a67cc62a6806ad98f4bed0a0c8751f56be41c

SHA256
b81a0b9e79d38a7b20aced13f08fbe956b862fdcfa03fb18819c124265404b75

SHA512
6e74d3ffce7fc0c05b1c56db815d6b22098dd17ec391882bd537b9526cbea2001aae2a78ec97cbb7c65c4ab97a637ed2eca552eeeab8b09f9bef8808d5901812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
18e2e4f8a4f750b93ec716f7ca7dcf2b

SHA1
d0dfd7496054453e52a7937bfc935c36669a6b1e

SHA256
8b0c785571dbc63a6f919f19108f05aef238b149166d3ef221f6b583b5649096

SHA512
04bd2cbc9de4ffd23b82b8a8c402d45bbf8511e8bca8fda459d686e4e29e385197d023e4f1bdb1d5a3f8a4aa3fa0793c95e94cc25d9a7317b68a9f91e35e59e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
23ff6e7d67f95ed0f1c945dcc1c07949

SHA1
9fdba9a624e5ba5157763483c5dce186491a3c40

SHA256
f8f2359eb3643f4fb8ca883e46be531b8854d8835f3b45d271fdeedbe121bcbd

SHA512
39c55e2785fef51d6da39c431573c4f93fe67191ccab9cac791fe83b52b6ed1f66961d7d1ba755e70efd09754f528a357a152f0e23d4c101725832841f45611f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
4e89f129604cb10603c65c32c81c3a0f

SHA1
7947a8bbddc4fac79f65c4e40bf528bd33236c53

SHA256
7061d9edc5be8b1c90c91bf223a1c4ed7310436ba73e323bd0ca1935b95c739b

SHA512
e81d66319a0ccbd35d7f83533c764f34aefcde9525fb67e09d32b65e86833fd3f63694da2213bc71b6461e8ef8d534b83c2cc69b056f67ada4ad3b5058d2a5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

Filesize
6KB

MD5
b192a261aeacfab5952a807a25a011c1

SHA1
6b22190cec8f7fe7f7a8c1903fae590713cca069

SHA256
5746dfed9f4b29d0c06dc89e53235f06aa304678abbd5958f65c3e028d380539

SHA512
bedfff8550ac1174dccd616221c5d9d63331de4fd8b44d66555472239a5b81454c1291fd86d0e1988fc7a7f5b13ab9a04080c2006d657a4a28835d9acd693571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
2e9110c6277614bb28fba7f418108b13

SHA1
139b4e62de50078aabb26dc60616b2d61840c519

SHA256
3901566adac7441e789552b24d8087ff4c918625e58bf511bbac1f1841a3269f

SHA512
6f07a189f8b4d3adf117e4fc0201bea34e9b09f0f5e6265266432c91d545695d5a70ca7b25f1a07e7d4148a191929be64bd97f397c209d0bc42eb05e894d845a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de21d3b2eef456db_0

Filesize
433KB

MD5
2b1ba2ac00d5840a19bf99f4e405ef05

SHA1
3630f7432ea79adb1ca0de319adba2dd8048ce01

SHA256
eb6af1b750c1cc960ffcb42aeecc6d96a5166b5962d342c5a3a9b91a4455ade9

SHA512
52b7fc53dbcf8a534b7e8ed69f3dc591880c522ea4fb4b87c528d865896bde2415967168d4eb765322a4d305ad74dae4ac5bc076968e77e2dff6db853a1a9595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0

Filesize
4KB

MD5
78f7ee35829d7bc8b2c65f83ce09f9cc

SHA1
5be7f68be1b131e71a06f1f222d04dbd0e1d624d

SHA256
c81a2f987dc9a1a98c7f75702a6f3c67464c8f95bd7240129d4bd89e0bf09b7c

SHA512
81d6ac286fa133e23d3a4a8443460f6b06266069a1a90fb49bcc045a6b29118bbc3383d35d3a531d9cb0e5d0c9ac0ac35d724d59d85ebabffb4cf3538838bd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
40fcb9d4056f0062d89d4daf9dd2170f

SHA1
b287c284e8e6f6164f524fbfa6c40de2383c15b5

SHA256
c8436e731c8130a8bd03cf006cabd844663ccd73e47e976f3e3e4dc1c0241d6c

SHA512
e65215530a712091c2175deb8b0265ae3d39d4860a39c4345ff15b66a2c79f67befcdca91e8185beedd39f877db4f4716f00cb2936e3b12ed8e274ba3cca35a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

Filesize
3KB

MD5
75fd7d6c448e8ccea93f079d10c4dbb2

SHA1
802718fda5b2443af3f34ec483bc5a8c3b5d077d

SHA256
190a4b18cd4ec96aad30391f35ac097641e128000a0f37a77c1ca6fd439fa3fc

SHA512
4bf190efca032ba91e8efe3dd773897bbf69a39eede90f2d298ed5d7f4fa55b4f9e7a66c006e668866e260a652636518bf4a98c0f24d6edfe633ab8a70fe676d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9ce51a331903892_0

Filesize
5KB

MD5
840f0a0c89ef6d4ad1d8e179f71c1a05

SHA1
67d0fbaee12bb0f07571815d9eaa3596caef6261

SHA256
584c2a3d705a8e3a88ea55f358a4c1bc925d606af437f517ebfe1ce75f2b4591

SHA512
089f7fd7acc57470f6c80e437d9b5f6964db3261ac7b7cdbeecf2fb357461ae0033062e43eb89519b42a17d77a8b2f16d08f5613495dd310ab12a94ea8952807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

Filesize
6KB

MD5
38104c2949fec5f133a50e69e56504e1

SHA1
66c1b24db469fbaf4f35957182a3dae744e058bb

SHA256
f2f3cc78ca9c3ffb8e5bbab76cb4b4ba8be379e252df66f6a040461105bd4cfd

SHA512
b37c059fc7ff47d7ec570dc37a6882b12bc892deea0b9feea7a71f2b051b7cab2bd759a125da2e2853f576cc22e1779ecfacc4cff1a9f55b05b59968aea9e5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
ab3f1b709cf5fda6bdac5440fbb41f53

SHA1
3712b5998ffeae0e2b0f871bd2a296d1bad2ab8a

SHA256
1dc36dd5da3279968bfa3ac63c60ec16701e7c08f72d5f0d55f7ac7357a8d7fd

SHA512
1a68745d3ed8e7ed7c117ee91f81a258770bda2178f1d1153d44498cb589a4142df16420bf0e6a1213114baf4aa363390b59420a5b4e1aecabe8f40a5179f5c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
7e0273959fd59959b80dc55a68e878b8

SHA1
992699ededf111bf0a4aecd127d37427f27560e5

SHA256
107448c4248f231fb0ff71e5a3b1d489d1c8fd84fa33c3ca62d0c43447ebe9b1

SHA512
400454b33a294eef6368b41d36a4b33656b50a394bc72d933bfc54e58c9f84715da678dd4b6ccfae9284e464e07852217202f24dfc9d1331373569b43564b576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5a84e076a086d05_0

Filesize
175KB

MD5
85f20822941071f695e806b58b3b8aa3

SHA1
d73396d705456ccdea2a8802330fe50c9744415f

SHA256
7ea155df9fe7ffa70080d61134f6e8cba5d056274685199ca3a2da6b0c8214d4

SHA512
79a15f3a913e5ffac5f844bad29215a2af4e19ac285570238336248c3f72b4efa3085d3d878b554cb6f8abf9bd98a1d721179ec01b278ebc217706eaa982ae42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
272e8e950d077d24a154b228141c511f

SHA1
ca6923cc20fa0c45e394708f38a25adc94033071

SHA256
40eae7e072d6cc5ccddc2f44102c13fded4704518aff5efdb536d56d263185c1

SHA512
5725976df3e0bde3fee59a387916e5e3afa5ff9722f0f9c270be4215db3b462c52b58f86db912c6d073003c4e672e3008ce5f8bc7d3f5859f9fb424ba28f4baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2abe23eb598fe0c68815d89fff41bd90

SHA1
9859ac3d2ad9fd053fac65d04e1b6a0191ff7d02

SHA256
48f91f2670cf6aa1a7c0c65ca6858e1bdd7d4cab378cb5bc510519fbd3115960

SHA512
364847af8ed35e84283ba4246de1eef7db84008f50f7ccc5a1b94cf570333486d560f079bbbd63f00e941e44294ea621d01b510ab2a0e1ebbedac49ebe999ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ae70052f4c640230d96f40d1f4e0ef55

SHA1
348e13e4b48c85d545f72adda0cd5567e30f9332

SHA256
320abd03a8f99d3a3c3f7ec4f551c58c7a2e14c6a4e58cf1e64578ad05b6bfcc

SHA512
e1a1f83b3cec2bbdd5af63375e91b30526eb2cb425f170956b9c93332db138b2c1dab422cf4a111a6073ac0d617f6a9ebe335601f04704f2406a6500f1bb3860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
773a0992600cbbf5962b1b2d84cb4f7e

SHA1
1aef331a5bdacc24cc6d488b8ba13792c3d4d1b1

SHA256
feae83482d06235f21c224e775f7a153de5fb11a46ca815f88df852aff2e53ed

SHA512
401ae9d119de0a895baadf30a6eb0aec0371322d6ef9011b0f19858f8d1750a0078e975a08ca9b4ca915a338dccc0090a61b2d2a43c3b7f19125d6290c1cbe09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
923B

MD5
47abb57c0a8d9dd9f0c173b76f65024c

SHA1
67a6665ad63d70b78c43a9bd6b44406ca5f714b1

SHA256
0dd38955ce5205a48afb6139fa0c48156b88ddfa537ab6f5837b21b3594490ce

SHA512
18f1fd7981a373470686a349aeae1875372eb65c41bbe5170cc8d40e8b86f4a2c99e0c5d6abe70bd4f0124fe035ee1d56bf4c20781ab0d587bf0a8b6c6afd752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5b4777dc65f325f9f479f5e7dbf08ee1

SHA1
6fce130f32b8a3d5547815d7013263742ca4ea15

SHA256
3dc834f6d308cefcc00469dda0fcf1296db6cd8ba5043c9237a521f31b13550c

SHA512
c42dce720a1766a56dbc3004c1cb9ac0b1f2ecb61c96d40356fd7652ca35ad3fb874cd6be256270254699bf73ad30b64bf9f81a2ab91a5dd5c56a60362f0d9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88195d08e36c54cbf39c33746579c4a0

SHA1
f25d811719ebeeb6f9a425841d8576cfb0abb621

SHA256
0a3eef772b9419d290181c1779c06fe42b5c2cc865f158b13b3f2446921f52b1

SHA512
74976bdb7d7b810cd7e55217e62f9c9d29e10f736a1d1b6f6e3fb0dc40772b1e7e4034f6caa20b775ddb49748f54cdcbcf2c5de983af1d310924552f4a27cf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b5e5ea1cb1adbf8374002a9436f2a795

SHA1
a7349f7411f18c07298a032cc9522922d2b93aef

SHA256
0cc7b07109f6632d96a258fc190ef17a39acfa029b37be808d1bc780d330a6a7

SHA512
bc5dceae3b8a73e211c7d8a892db001665c2411aae4d2ce2abf6f239ed0cfe5561c2d96cdf4330a719b89e4a8ba565f1ca5fd7c80402af3f20f75fce0a92243f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00c136cd85b2f447fcef54e4823fe14a

SHA1
33f8060f193f8b383f175e18b9458d78b985630a

SHA256
ec5161843d4bd73640fddc181aa416fb1b39e43932ad0a46cadfba76612c14ed

SHA512
33cd86e0c3b97d3fbaa3e6b962b587b4135a60bdf85ea4882fcd2b30997b0adcb34e8baa46c12f0acd3c9a5bb51ea84a9386093173d1e1ac3cc1ad64b2fa3e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dab44d11a651f57fc67d2392ef4d91b3

SHA1
b6361ee99a13b8f1070286f1fda118f27570e393

SHA256
adcecc8d13822dfa21074b753504d3f2b9eb23d605667d5e4502f4d05e6b6a36

SHA512
31eee59e9a3596a55cc014017bdce5921a0b2d37fb7d5cbbd40a2cb243422871c7feb3bc815ec541ab15ffc901336b8b9a11580e7087e3c0ffd2fb8c0bebda93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe715074d4f169401246e83328833378

SHA1
af32070fadd8ef558214d2c15416981ff5dc8ab5

SHA256
5df416b7342fa05a25b5ead0ebd55a5794464efd2b259c70f93e281c8526ec4d

SHA512
f0656749cf4a86b5aec7d04b7c9ecf492f445aeebf69ff97d78d8c3cce6f2d890b269f45bdf46962efe5384d6b18f901a7830b91f9ffdb8fe6162c4a0d6e770a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6545c5247435632c9e0bc12eb10dbf41

SHA1
2dd93e3ac5c133007414e2562e5c246f7a2d9bfa

SHA256
01295d098cf54b2bbee0d02db4cd3ab58d7bdcddaab2ba1510485675bf36a246

SHA512
4adca9dba1db2406dc1ffa678691417f047fe3e9958257981f796ff15a6089218cc89bcb8e6b6f03bb0d19b2418cc2586e62f09fd57c1382ae34b2ac1a3019f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c5dd7636c5fa37b6b0a459328d2cd3a9

SHA1
0daa18c28fbd5b084b577a864423a82909f4d589

SHA256
2329b9ae026f62d18a688137a38ed775c8e17cdacb3d18d90d26232726aea3ec

SHA512
48599eae286ed04a20a8a05188b050f1eb8b4636564bc5758127190b9bb02434fba49ac53e12ae1733aa4b7e64ae8bdc7e5f59abd3397f801bde72dfb2c45e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c6c20e6864910941dfb951c5305333f4

SHA1
d1423afd1499c330deab54a24822d98100419ab7

SHA256
5fba5b81c073d2bdd5816fd8eb81a4558e8a93c342a5894590288d5bd6d034bb

SHA512
116acfdcbaeccea6104b23794916b0a85db5fadd5cca96f0e4dff0aa56af8e9aec0be8c707d2acae1bbdaeec5b1ba86ee4d38ad15ba2a491a92499da29441c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8343d651a8dbc0aaaace3b06c9d2a927

SHA1
c314b1eb05e542bcfee7ec371774f5e989b49214

SHA256
c249e0fc7a7636e921b0e091adb74c610ded5bfb3088bf3c05ea3315f810d05a

SHA512
fdd79c47a0ea7d08ffe5c3c50329c51f02d5b0d8192cdb197e15af4fc0699d637d82118a72c5301a5bd24ceb062581de5cc0c292102dd30db0dc68521d72dcd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
35ae158c211e755711259f9a39becf1c

SHA1
c87b4716ba15aa4a69225937da3209937a8596d0

SHA256
ab8787cd22ae64d7756b75b5db7cd9437ed775faa6393db5740b527026637e90

SHA512
ab454fdcfc87e767100406a7564fe9800a3d1690fb20943abf2aefe3c0c4f56be9e9edf7b1628ab271769bff3a2041ef9cb80dc6554890abcc0ea548d05580a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bd2d7936de9e6547315de7a5a15b83be

SHA1
c46c8c8a28872cb1c6a1409fd2a46eb62980f7fa

SHA256
59a35399ef4ca9bf053c8a1e2ebe26501cd0d9dd7c44808e540fb1afee2adf9d

SHA512
3bd382a93f6203605293eb6ef88250edd8753b6db520dc33a4d617c965005e929c887c9222f96c45e380e808163ac2342727270b9cb2661458fdb5563205c479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae41826a5da1ce433f5e02fde1b8507e

SHA1
8c95d6882bf5d933e94d4c3e12f914849c135a96

SHA256
94bbe2b33b4992a04db0c016ff539222e5890c3d15d7ab6863cec215c8865da0

SHA512
cdf5d2cf7108ff8d3fde5e6b769b00d225b2efb60433c7a1896ddbd62e53d3ec895e36d2083215f467261ada16d1ca4f765ba9c472c73d4a4cff81a9daebdbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f19b793bc5e1c40bf9c94069681a247

SHA1
0ab958fb2d8e194fcf9f8661b7178f7bf13c00bf

SHA256
675c3f472ce7678b5dc51eed2421a20235538b4d3a9cf88be92f6b5effb781a5

SHA512
10e744a7ff66e0c12ee7edd2963eda37ede8ab520f6b61c0eaa6ff3a1d195c2b6cd6333fce11e3cfe8273ae43a7d76eb0ae8508c8e0aabdd461f171cfb91b0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2aa085be7bf4ffccf334032250346bf7

SHA1
97b84eaeba9f667d5b536e8414c3313175f68f15

SHA256
f7196da442dfcee0071b082d085ab0ce8c988080c37ecc1ef5d5b6c432350116

SHA512
72f7e1280314f519e4b7a2944a522f694d9a14bcde1d49b5ed265026eeefb22f1e3a9c9262826d799524b57ec3cea71d0e4656cbc68e38e2d16a96aa1df9cba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
635ef58fadc15b01601882cc4379d79f

SHA1
4581f2ac93d821860a558dbd6a3f485e8f65ff47

SHA256
87d1363f978aee5b93542f8a0af43e1d2e6bfb8b6b78c56ec01aed34fa36defe

SHA512
6e9ea0ec139220195514e855d880d9cf1cb13fb0ff6190375fd1c0541d7b4fddc7ee520f6d7c4a2b42c9286239201000ef695fa7336bd56c5f2b2960fc5d16f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b2152668d9544633805a0e84df8773a

SHA1
833d1b0580e9c23df94d0137b68bb2f81f55eb74

SHA256
dc317737f5413aee1b5636ebc5f01024a7e77786e72969cd0ecb06d8fa438514

SHA512
0ad4a4075c41bc82dfb264d0464c889df10a12b8a8a1bb40d7885e7e4346f7e975fb1985c97ebcaaf14646ae2e335adb2fd2f0e478538cbf996986f110c2f77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44d85d3d7d4abb1f602373bc8099bc50

SHA1
0719bab41f9a0564de19e8462f99b3d7899b7802

SHA256
099c35cbf96a80f269be68b99dc8fb55fa134d8dc950d4713259e8593210a2ee

SHA512
273865e3d60c6ed552cba99b35775eccfd742bbad019099fe8bfe417a5b07140164e2795912e1ac0df33b6e42a877c2bc15a94ae28e87912a8c0b43248529e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f266bfbd286a1681f283372f44acdf86

SHA1
2d4bd346e78aaf77ababe488ac25084f4e3a2d2d

SHA256
70bc740542c90c494ba111ead6dd29f144a22b22e1fbb082e93e571805779758

SHA512
fe6fd522ff7fcb04c59e18d20bd11d5e3a926fe93b8b6342ada46e46cba3eecc6753573020e463b142998c618f6c42d1f61020db28ed8956e2f7b609400ebb15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f0c7bbdb857a88db579e97fa7f92655

SHA1
00fa60df848235fa1a2f119da905974ee0effab2

SHA256
02a7c8c97e758f07c5010fa7e4b1b0ceea9e205b7f2c050d26762fd8574a7351

SHA512
ebc2fa4db3a1c2d8e8b629a017a57f70b748c6f1a4f8f1b0fccbcecac030646ab6c8ff7d79f65bfa3fc90018c634ceba00ec4a1eff11e022a28ca9bcb6f6330f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
cacde536ae4a76d8d915d33321f8bbff

SHA1
b1499dbc84f64e41e3db5013f97696be7344121a

SHA256
8457c250c2c488342a443e01fae985ec430eaf2c692108d834600d4e56306253

SHA512
f2fbe5720f38a9fe14dceb622fcecef67b343a62eb95574b1edb37a1b8db9aedbf07948079efb478b35c7d2c70f5a31645c1a916711ddbca99e4e5a924d9b54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ad24f3a5efdafde4be99c562f5db921

SHA1
91cfee1185cb4998db26ac9919a85ce4462cee38

SHA256
548777b307da8933acd22a7463f3d5e9cb1af6f2d955e4ff0498639a399de4b9

SHA512
dcacf918f3186c7368e52dacc9513ad81740bf3cd6410c03dff28879453ff55966af58fe3ef986c6ffb3f5ae8d26838912045320e7aeb6681ec8ee6a642c8e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ade708cc137c19218ff577a6e286cf86

SHA1
799c941cd08c28e46e50d25e8a44eab15b1956a1

SHA256
c9c16326750dd6cf19b7b251b0df2b32bdc2a8d4ee437f7e2a91fbf46b379e2a

SHA512
515875d9689d54a3eb9c848f73b7c815c13c5c143e2e459efc8fb4ea984f1ec421c45084712f82880f50c8519f245848bbdedcfc1da5836d81f89542e4ca141a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587809.TMP

Filesize
538B

MD5
f480bbaea8fbf1725a29d0aacb5c0284

SHA1
49f64018dd5728f3097245cd9ed4a0a7f7b789e6

SHA256
53d5b7dd695fc93c49ac9f5dab6bf1bb1c155a3caa1390027ba58b1d2953976a

SHA512
2ac59d98f2453923a6994287bef5dc9d25fe64412288287d96042ce82de85a4f80ff6a93dc61c8a26339c5cb6d13c4e64db963774d60f88ac7dac36a4dbba2d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba213aef-5d78-44ff-ab9e-c9e20e40e1d1.tmp

Filesize
8KB

MD5
c0510f28b708f10eda65822421bc16dd

SHA1
edd5f93022468893305e2db148ba4c2543e98c2f

SHA256
b4401acb31d1d408c267762569d0d30e17110a569d9416efb8a76c1f74eb6522

SHA512
e066a809d814bbf5e44a9e2afef3fb6f37a28c52d22d9419cdc893846899433532e3a0a58e7a115a6ab5214ddf53e440b4b19ca55a8784a3da7267bfd544288a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2d10c86c3876008b70ebf3d15a61c60

SHA1
2526b037e487828efd7089330f16110ceea7336e

SHA256
42fd45996456885289b5849c85fe39c807fcb024d8ec6f1c9220a382c05f8df6

SHA512
d493a1322a5effe6502744d639053279520de33e1f988c323fb299c233e4edb1fbe9edafb37c1f523126c153ee65ef5d6a2062d39bdb834ee78958892ec078e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c23e4baf71b7976d3cf07826a38cd59b

SHA1
f96df31e6102e91d554b072a10368b5d0179bcf5

SHA256
64fc4489975700e7d62f6d745e9e4606437bf1733adaa5aef93d336c252f53c1

SHA512
39b31eabca6dac0b8d2b6b02cf8f43ff70f86b4108bb62d8fa9e049b067f1cde5fd20dfddffd2fb438e03959b63def40c8f1d53547a355bff6e5b8ed473d5664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8f2fcb86c7e2939c2ac15193a058605a

SHA1
d029b12a6cf3a54e8015df937a6c2ed99477f668

SHA256
13f96a2937c0c676a751f9927638f6c0274e2bff8cbc344a59ffffb92698034a

SHA512
ededca7f5447e652910755b8b38121c4201883cd55f48cfae589518ab5630fb579cf688d9120ea6e8aaf57ae866bd64ce7994f28935228ddd22c35359752e6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6fdb518ff5b0302d0c2046161c1a8252

SHA1
a9bf9158e2164e95d2fc3f6e34976719a2bc99ec

SHA256
3325eebd4e11617058939ca289e8bb9b3c787558e40413048760827f5eae0213

SHA512
f36a1127cd7e55caaf9806cd05a032760aa6a7083ac60aec1f9c8d4866066547e70d891bffe00a7a33ee0241bb6d93c0ba9d920b5f9920180aa2bb636f8fb9b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
f13c09a7e7d012fbb4a7c9f28ee2c785

SHA1
5429e867e0013d6b4738e486bffcfd4a412aa080

SHA256
71496569e3ee404b3f5bfeccc9dbf643dcc63737ca7ec133a89389e7c03ccc18

SHA512
04a6701a3b6d7aaa00a7e72f073bfe62cb0bc2b5a33b023110432e2d444b58b9018a656a37d6c4b40c35550f906310f23dfa79a370e57e38c7106a04d48efed3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
3710dcc23bad0f30d9fd4dac5558d04e

SHA1
db1e18dbe48608f2b704f403dffd91ff8a759cb4

SHA256
194d49e39c86e76e14ef9b32decc6c2b888189ee4f1a8e39a258c4ec92119f04

SHA512
135bb66fe8733e74d6b8b4ea2fa799b44fd772321ed82232e2c57687a39cf4e03b616705f3f5775981af8e93fa2ddce897b4983bdc2eca5e3f8a874b3a6b3631

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
c73a0fca1935122342398874be5305da

SHA1
a72153104d905ee1ee812afc3825ca482364a784

SHA256
e99d9dbd59d3f68c1e8cfde974f153d4698f371f1102ca36f407bb87f991edf5

SHA512
4811edb546b7816fc8420887df236df1523eff4b214f353f7e3acffbdedd10699cc8474aec81fd0993fdaaee0a6c3ae3a5e0bbc62ae3c4c050763b29b48c49fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
2ffbabf2ad30a6509b491c1d4c53ad63

SHA1
5c08ad772fbbb36b72b9db4b41f7e8b2cbb61e6e

SHA256
ef48cf4a11da611063e35c179fba2ea762af9bb858e433d219e104fbf0a0dd98

SHA512
7b446576106e2898441d583ce8b2a998acbe3b4201c820ba5c559c505683b54ae47b2b1c5d72fcd4360469eb14c4982375bb2dc8f0291b77e7ebbd73a0e315db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
5b622f50b17d39a721350f5077a4efa7

SHA1
c278a79ae653177e9ecfd0d773b70d2d59fdacd0

SHA256
71f24ac39172d56586abd176ff8ff17644414debb6bbcde74527537dfbf3938a

SHA512
0bef643a231e0f421b3b8f493991b60643393c0d4232fb72d2b8244c4f5445d3f95d49afdd2e66d624abac8edbbaad58b3fe2626d60a0d1c0e0bdce48320999d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\scriptCache-child.bin

Filesize
486KB

MD5
182245e2424abb1498c41041be3c7716

SHA1
324e21d1e74adbb55071c9df79892aece754fbeb

SHA256
42ff48fd0bc943147ca7ab52d3b46d1beeef06aaec775c33e302effdda976506

SHA512
f28def2b4ce4b8e5ca627904589717d3d5f9643b90cddcb979475c02d25a97cc30818e0c36184c8d83c3b74624a2e3f0745dddca67a0e7c37314baa86ebfb885

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
691caad2e42b620e97a8dce4aa41ad61

SHA1
3fb0cc870d17d5cac7987cda5257082496e0452c

SHA256
37a234fdce9b1be57340f249c6ea62c56f72651a5275f5826acab1c660ee736f

SHA512
7c04fb8f353cfe64bed25d38ac00968d527493c367f4b72ce2fef45ebb6c796f6becfec9a3e65d1639be88fd299726c088e5fd99792e720a1dd9f90a44a7e2f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
e767a0b24debbd9bcdefff103bd27730

SHA1
439d5437c114e7e73af434431f9e1e2f4e3e5448

SHA256
526963b909f34c63971c75dbbfd6669fca085382781da1b6bddf913d3e764311

SHA512
8eb8d913fecd4f5e9adc15313b0fe847725d991454dc1472898a75127fd9fde0438f2c526ead3b564b14d1af9a250f9431265eaf1db6359a5f48edbd27371e3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
9f03df23ff4d13ec07d8a4edc91679dc

SHA1
8fdf8df1718579354970b63eff69434f8eba8791

SHA256
3a75af0d45b64d6e97a5dfef70346d65fcc7039d316405c8599f3ef0cd28c80c

SHA512
6a884ec72c8b3b901e8e53c7848eacf76c3f0777167de94b8ff6b737a6dac7f430afcf7628a36ea41b04b6f01e9e90eb0cfe9ee59899069946da44078cb2a463

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a9bdc4a337ac52003dbc715a30698614

SHA1
aeb08dc630e5383cdea27a9368b9007407920ae7

SHA256
0e880268e192390190a0c129412930ea2e170a77424a34c6136e047295a942d8

SHA512
f5d21dba103a2e35187675d411bf4d77f73416f96315efd58df00b0bd47763e3af3d0ea2882bac833f4b47e7df103b269078ffa38d931cd06ac8345fea737590

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
58ce05c7372c81c9191abbd6f1744af3

SHA1
0ba9b00484c02cb9b69613c61a29e319726090a7

SHA256
c8f7a2371c8c06033376b44ee60924d4be9c7871c99cc9cb4468a65770bafeae

SHA512
6e6cc3efc8ab5e63ce2ad9c4cc35de236e685c8e450c5274004ad597ea423d3f3cf6da6010468ce23eb3033fa1b0f6dd923cd39e502e7626288a4f8b231bf212

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9f4309b9a87346420e5ccbea798f10c1

SHA1
61a69deffe699f939bceb08f157f03c4c1bb7649

SHA256
12c45d503f9ee8af312d037cf6609b049ded8dff7773100312ac0898a71eb811

SHA512
fe3488312b5dfab8b198c3df95fccb57b8fae760ee6e18b3b086880e07cf0f306ad7021ffbef64d7d2199110425ffd3df1b65c9a3388d9971ec16a4e6b9159f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\AlternateServices.bin

Filesize
6KB

MD5
cf3e11424cb4a72076ade6c16b311977

SHA1
9acb6acc516eac207f1cf19ebc8f22556be2934d

SHA256
9256aa012ada25aecfc31bd414bd964350a5fe626baa8edaea40d6dcb8370e34

SHA512
473f4a52e4457e34f02133ba858ab35990eceeb36f920cfa7c862e68263a3e7cdd56d690f560c79bdb75c6fcb54e52d0dc0f2f83deea3d214403bdbbc7967f34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
68ae449a66564d9282ae299c76955bb3

SHA1
0aade33975fa71cecf8740c68f6ed4276f6a0053

SHA256
2893fd0a11e60fe7914e281fb4acebc313b9b3ab89374fd352954eb5e43370ad

SHA512
d5f123cbb7ce0034598e4a6d5e43ab2db2c482d555eda2af1ded8200980aea31d2d0d606ce9f3d19c1bafaa741f3e23cc3b5a0278dbf889d00748b0e33419535

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.bin

Filesize
17KB

MD5
d4f974772c6fbda29ecd6f560e411da9

SHA1
a1cd0325d7e76061512e77c4d3e14f93ab8fb3b4

SHA256
ccd67b59a083acb94eae577e5f6c63aa91d690361772ceffba9ae698d971b989

SHA512
a26d6f03bd413d44d620bc3760794369bdae01ea2797df5edd47bcdc3e4b4ed84b11a884a3031ba692ed1fce17bef28a0d5576b1fb3c19c0955756adc221eb84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
5fc0111cc15140157355b6d0c8d5116c

SHA1
7c0ab73daa72d54c904cf5e322c8e2a32c2321e7

SHA256
7c2f01934767c88bd854f0527c72d46542b49f4207789f4f297bf7aa7273c98a

SHA512
d540b7a2c78d15401575ab8697956d31c509372985ec8b482e6c0acc429e947ca263a5cc0c641628a739995f9738fc7c64dc1b2be64b714abf7365c42e69d7e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
e60042c51b8ab516ff0f33c408608d23

SHA1
be20dffb56f2db099f4725fdda5ce6f8b84eba13

SHA256
356ffd68ae4af2f7fb4a9d76b64d35ceddf367d6f49b3d43dd2e249ec8e458c4

SHA512
9553c5ed6484045c4a2ae4beb54c2656d0f0a79baccb62ced19526e49ef29d9b951ae5c3554be2749c5f29a0605de61e052325704b4d2f680135166e67533d0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
682fba4ece9f24e682780180f27b95f0

SHA1
968e3fbc07d0dd0834d2982f632b10d8328ff341

SHA256
d36f0afbc2c860d191b7ce8bcc407f033dfee22a46d338cccc1535f2811107e4

SHA512
d067ab7ba63504863bfa076d647c17d5b87ab86032cc02d46d3b19b7fc5ee8efada4f619ee97e0a7841b66fc6f3147a6cebebbfe5af071c79f0ad3880da78e02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
88f2162a656b5f352b185be78b85874c

SHA1
9e1ddad74718bb8d3d42eda765fe2434f6a8c027

SHA256
d221fa01f10bf0bfd9f92d1129dc7108c30e7acb3af2066f0c59e73de7686df8

SHA512
ecb6d02f96405c935b540b13102d73de1197e639a88b117693da7356c40acd92ddee8e2bb43ee5b76a8fb2361b3b04b8feadebd763bc290d4487ce50633d8998

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\39b7c550-46c9-4da1-88d6-43c6955f4c60

Filesize
982B

MD5
1dd5d2f5095fb4ba6f6757fd100658d7

SHA1
23ced47045be556004a08644da9017ae64fece90

SHA256
d3d7743daaf75141c106b3da6dbefdd14041de0f3c94aad7ca947bbc7390a573

SHA512
8ef45f397567963a435fc2a0944bf7a0c460a5dbe118c79706aa472dd41af16f15ea106ee2768641a34fad1cdd04828c0c38f9026b1e1d334751460f87df98f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\3f8e059d-1164-48e9-beff-dcbca5a3299e

Filesize
659B

MD5
0e5e697ae3076705c0f50a15589a9aae

SHA1
035a74b28ddf8b2f507933e75c89128966cb59ea

SHA256
6d84c552250c5bf86ff844cd6b81f298b66b78bf52d3ddf29cdafa4dc3a15807

SHA512
29900b801968e336527ef2bfd47c5338ee226224942c9e60d8f1ad4a1ffd0d4ab1066816f2e09dfec337ed884c388093b066e051fb8d14ab6e878cd144b5c580

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\45c26faf-69f1-46f5-96f3-84302bf15bb3

Filesize
671B

MD5
bf7269391d7221d40319a78b817d40ad

SHA1
1d910f34c54f52d29e526e4cf8afc93ca21b4a45

SHA256
21516b277142fde2342027796595f4703ef1dfc34d7fb5fcd849e47dfba67b05

SHA512
00525b603e7bb9c5cc38b999094477cad383aa90da3f38a3c87c5c17072d2d68d0022c806b57b9fab32bb36d4666bb97da848427d8afaf333f2efb573e21a2aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\8617e1ee-0452-4212-be0d-afb469966455

Filesize
905B

MD5
bff4038c30f2a318105283753900b9d0

SHA1
343db6272582345c75d3b699dc2442f6b8f6e135

SHA256
d5f24e0c87529b46bfc0c93468d8f2deafca7d698fca26e23fcc54cfc490e23a

SHA512
3b29c12636dacb2150b640ae4b66abe36ac0521672b7ad8919039f39f91418e51067a1a92fea33b329fc46293661761e1b89ede61a19df04ba15de7ab43c0a07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\datareporting\glean\pending_pings\96704d6d-23a4-4759-9ac6-315179f14ee0

Filesize
27KB

MD5
2ed0d80cc8aa5e425db85e284478943b

SHA1
a8cf0a048dc15dd421859c5a4e175d0b757dee38

SHA256
0ec8cc342bfa60ba7fbb316a7952565a8c67d74636a6899298ef1ee6b4855b2a

SHA512
f89a694ea7ba8b9962ebe421a0da8177a87f5f746b265552b1444cd469cab7a21432507d716b12863b17eb1720e013a3fec4132d2f10dba2764de2ea933d1e46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\places.sqlite

Filesize
5.0MB

MD5
f7fc953644c8bc47cc19f1858ddd54fd

SHA1
c4b21bd9bc2962a85860c7749c6258406a573551

SHA256
17999e7449fa270cd8b68a428a8a457373af7184788a107b81c2c8dca1716692

SHA512
fb94f209a174c6b23e017e33f2b578c95355726c7228ad51740667e49c7c2dcbaf1617192f4277c929e8c1aa20225540b8e2b2f1cd162db54bb6c6994c282c02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs-1.js

Filesize
11KB

MD5
f077f94f4900192fd5b038e131b6ae96

SHA1
4bf2521dde35faa503a4e45b500f386ddf518763

SHA256
9225feb03856f09c4bfde4606d90d6c8c893709e57688cd1e3fd63829f4fface

SHA512
782c8dc99b3f431b3c44610536f9f9899925c8f332046944ff5dcbd182eb2aded732f391f52ac11da57a8d70b903346220a07c0690381ff71b9486ecdf87195e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs-1.js

Filesize
11KB

MD5
a1c9cce58eba92860acf8120bc8eefa8

SHA1
59cc33b7e3eb5749c5ebb7094159b35276512b1f

SHA256
433e08c456552938c45e09b6778d1a2c802b6482e1b399f54441533f555efed5

SHA512
371603e3f499342619fe92ff055d0c406d8a5325c6f62b212e416ebae8e380a62ac94e7a7a8c15e3d5796e658981670dc0aa55a5b1a2f5f2f5f2c1ad4e67df05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs.js

Filesize
10KB

MD5
09311e314b8605c1ddd0f7c8919dd428

SHA1
36e685591d2d9ac7ddf451363eb37b7f452161df

SHA256
e91c074e6e42487e2c60dfead6b6504e73191ccd4637155d3c8b87c230ed1a6b

SHA512
c5ce23e1ccc996024532cbbda27eccd8bc57fc6093f01cad917e75c9064f3044ef94bbc7eb8b0db1c977e31a2c4caf961e343925885cc2af2cd4afd303e1236b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\prefs.js

Filesize
11KB

MD5
9dbde3d38675bd043114baf9d19e570e

SHA1
fc184ac31c4e0190a8d3c6be40f3c4f57e86b047

SHA256
274f69506127fb0de7b94162d3a9785b0ccd05c23abf6ad6f2fd572e5cfd7a91

SHA512
e985a8fce2eaa2d3a385dae50e07f2418be5a48c2b309e1199b8fd888edcb3433ee00bfd31f5eb63bde722059f7e6c169f0c27d7f95325604a42380660ff9daa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
2bbbd1441febd50c47d81b86156cd378

SHA1
cff51227f6d44e4fe2f2b26b663b8dc3694af040

SHA256
daa530322ead4728578f4a9c6f2b69148e74211e85c601d025ac183dccbaab76

SHA512
b614e72cc553176db7a0b319f68e5ca7eb1faf45c8c7abbebb2fb553a1fdbc7176d55c888add3c77db336dafb3bedbb71f9534c662ca70cdad691fee7903710c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
1dd6420833c9e01e9d470496b397581e

SHA1
037fe79e80cdc6b9bd17a7b7aa4f85719179d198

SHA256
81660462beb256ed7a61cf1f8be98ddd78e2b545dea974be1480908068640465

SHA512
d1e6f5ba3804fa2c86585b7058ea827a3eaa7ce18b34bcff594e8dcdaddad06f5500036131368b105b97adaaaa05b9c9d168f80de95774f65112d747c8f1fa28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\v4jvcrlg.default-release\xulstore.json

Filesize
342B

MD5
49f654e1ae328a347d69a907fe9bcef0

SHA1
ea34fb5fecf40026f2fab193cb470e78357581f3

SHA256
ad5e986296c80e20c6a42b272b4bfc1900e6f0b1e0f6bac4162e0a00e67dcd9b

SHA512
7dc6c9eaf34634301e57b6d17ce76a87682bcbbd9594aa88d767ae3f8bef9fa2e21cf7e12b68d13649d33e1b90bb36bcf0303bce350f6001efaa47ad1ceda06a

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
5.5MB

MD5
d80c8a9879fcea3353a549b900acdf5f

SHA1
30a0b380fa40a44a33a1195c1f43ebbbc4c37c90

SHA256
567deaca0367a638d28f1aed7b0dbb39f6854a34ef5a5699dad9a7bdf9ef9807

SHA512
a3c9efab8b27ac849aa4db5d2b3d52bc66d1d0c78911440062bf0ca49429df9a4c16508eb1bafa518001e07374a55c1df35c071c7f1226f07ec43fb10d299b0a

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip

Filesize
388B

MD5
76d0a1d84cca5c2404c1799556106891

SHA1
378a662c54fffccc1f2bc3cc72dcbb66e27c2779

SHA256
23b8378ff4073b47a9542c744e506ac2fde0cffba27a5ae8140f3856c9ddb6bf

SHA512
7931c992d09301f22b8c5dc861e35d4e98432f79d2ea48be07e24366ab6302ba8bd2fc85fc8e8af889da46f1588d33419c41afa8f4d46b60ed1d6d50531e3f4c

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 527575.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
memory/4884-4148-0x0000000073E00000-0x0000000073E22000-memory.dmp

Filesize
136KB

Download
memory/4884-4146-0x0000000073EC0000-0x0000000073F42000-memory.dmp

Filesize
520KB

Download
memory/4884-4270-0x00000000000C0000-0x00000000003BE000-memory.dmp

Filesize
3.0MB

Download
memory/4884-4120-0x0000000073E30000-0x0000000073EB2000-memory.dmp

Filesize
520KB

Download
memory/4884-4144-0x00000000000C0000-0x00000000003BE000-memory.dmp

Filesize
3.0MB

Download
memory/4884-4150-0x0000000073B60000-0x0000000073BD7000-memory.dmp

Filesize
476KB

Download
memory/4884-4149-0x0000000073BE0000-0x0000000073DFC000-memory.dmp

Filesize
2.1MB

Download
memory/4884-4122-0x00000000000C0000-0x00000000003BE000-memory.dmp

Filesize
3.0MB

Download
memory/4884-4147-0x0000000073E30000-0x0000000073EB2000-memory.dmp

Filesize
520KB

Download
memory/4884-4119-0x0000000073BE0000-0x0000000073DFC000-memory.dmp

Filesize
2.1MB

Download
memory/4884-4145-0x0000000073F50000-0x0000000073F6C000-memory.dmp

Filesize
112KB

Download
memory/4884-4153-0x00000000000C0000-0x00000000003BE000-memory.dmp

Filesize
3.0MB

Download
memory/4884-4169-0x00000000000C0000-0x00000000003BE000-memory.dmp

Filesize
3.0MB

Download
memory/4884-4174-0x0000000073BE0000-0x0000000073DFC000-memory.dmp

Filesize
2.1MB

Download
memory/4884-4121-0x0000000073E00000-0x0000000073E22000-memory.dmp

Filesize
136KB

Download
memory/4884-4195-0x00000000000C0000-0x00000000003BE000-memory.dmp

Filesize
3.0MB

Download
memory/4884-4200-0x0000000073BE0000-0x0000000073DFC000-memory.dmp

Filesize
2.1MB

Download
memory/4884-4118-0x0000000073EC0000-0x0000000073F42000-memory.dmp

Filesize
520KB

Download
memory/4884-4258-0x00000000000C0000-0x00000000003BE000-memory.dmp

Filesize
3.0MB

Download
memory/5476-2668-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download